- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 05:56 AM - edited 03-12-2019 01:13 AM
Have asa 5525 running on version 8.6.1. On which version I can go supported on the device to fix recent snmp vulnerability.
Solved! Go to Solution.
- Labels:
-
NGFW Firewalls
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 06:01 AM
Hi,
The fix for the vulnerability is been addressed in version 9.1.7.9 which is supported on the platform you are running on. Please find the below link regarding the vulnerability for your reference.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
Regards
Pradyumna

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 06:08 AM
Hi,
Since you are running on version 8.6.1, you need to follow an upgrade path in order to move to version 9.1.7.9.
8.6.1 -> 9.0.4 -> 9.1.7.9
Also please find the release notes for 9.1.x version for your reference.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574
For the HA, you can upgrade with a zero downtime. First upgrade the standby unit. Once done make it as Active unit and then proceed with other unit. (Remember to take a backup of configuration before proceeding with upgrade).
Please find the below document for you reference for upgrading Active/Standby failover pair.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#pgfId-61610
Regards,
Pradyumna

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 06:01 AM
Hi,
The fix for the vulnerability is been addressed in version 9.1.7.9 which is supported on the platform you are running on. Please find the below link regarding the vulnerability for your reference.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160817-asa-snmp
Regards
Pradyumna
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 06:03 AM
thanks for quick reply. I am having failover active standby, can I upgrade with no downtime. Is there any path I need to go for upgrade.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 06:08 AM
Hi,
Since you are running on version 8.6.1, you need to follow an upgrade path in order to move to version 9.1.7.9.
8.6.1 -> 9.0.4 -> 9.1.7.9
Also please find the release notes for 9.1.x version for your reference.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/release/notes/asarn91.html#pgfId-763574
For the HA, you can upgrade with a zero downtime. First upgrade the standby unit. Once done make it as Active unit and then proceed with other unit. (Remember to take a backup of configuration before proceeding with upgrade).
Please find the below document for you reference for upgrading Active/Standby failover pair.
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html#pgfId-61610
Regards,
Pradyumna
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 06:09 AM
ahh...got it. thanks.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 08:21 AM
Double check your current version. 8.6(1) is not available on 5520 platform. The 8.6 release was specific to Saleen hardware (X series).
Perhaps you mean 8.4(1).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-03-2016 09:28 AM
Thanks Marvin, Yes I mis-typed, I mean for 5525.
