02-26-2016 07:21 AM - edited 03-12-2019 12:24 AM
Hello,
We have detected the next vulnerability CVE-2016-1287 and Cisco advice upgrade to 9.1 version, but in my case would be so painful (current version still is the 8.2). Whereas, anybody knows if there is any workaround?
Thanks in advance,
Solved! Go to Solution.
02-26-2016 08:22 AM
Hello,
referring to
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Section Workarounds states that there are currently no workarounds.
Regards
02-28-2016 10:03 AM
Hello Alfredo,
Version 8.2(5)59 is available, I actually patched 3 clusters with that interim release yesterday, the image is called asa825-59-k8.bin, and you may find it here:
Cisco Adaptive Security Appliance Software for the ASA 5505, 5510, 5520, 5540, and ASA5550. Please read the Release Note prior to downloading this release.
- https://software.cisco.com/download/release.html?mdfid=279916854&flowid=4373&softwareid=280775065&release=8.2.5%20Interim&relind=AVAILABLE&rellifecycle=&reltype=latest
If this helped, could you please rate this! let me know if you have further questions on this!
Regards,
David Castro,
02-26-2016 08:22 AM
Hello,
referring to
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike
Section Workarounds states that there are currently no workarounds.
Regards
02-27-2016 10:39 PM
Hello Alfredo,
There not workarounds either ways, you may just patch the firewalls to the interim version 8.2(5)59, and it will stay in the same 8.2.X series, so your NAT or VPN configs wont change, either ways the best practice is to move to 9.1.7,
If this helped, could you please rate this! let me know if you have further questions on this!
Regards,
David Castro,
02-28-2016 03:40 AM
Hi,
But the version 8.2(5.59) still not available on cisco website.
Thanks,
02-28-2016 10:03 AM
Hello Alfredo,
Version 8.2(5)59 is available, I actually patched 3 clusters with that interim release yesterday, the image is called asa825-59-k8.bin, and you may find it here:
Cisco Adaptive Security Appliance Software for the ASA 5505, 5510, 5520, 5540, and ASA5550. Please read the Release Note prior to downloading this release.
- https://software.cisco.com/download/release.html?mdfid=279916854&flowid=4373&softwareid=280775065&release=8.2.5%20Interim&relind=AVAILABLE&rellifecycle=&reltype=latest
If this helped, could you please rate this! let me know if you have further questions on this!
Regards,
David Castro,
03-03-2016 02:54 AM
Hello,
I have upgrade from 8.2.5 to 8.2(5)59 and all interfaces has been put on shutdown. This behaviour is unusual...
03-03-2016 05:46 AM
Hello Alfredo,
It seems like nothing was saved, since there is not IP address, security level defined.. did you save the configuration before going towards that version? this is really unlikely to happen, and I was going through internal documentation and this seems to be an issue that is completely undocumented, since this was tested in several sandbox environments, is that ASA good of memory? did you do a health check when this occurred? by any chance do you have any syslog server, so we can see what happened at that accurate time? is that the only issue that you are having so far?
Note: An interface will show as shutdown if there are not devices connected to them, so check cabling and that there are devices plugged in and turned on.
Please proceed to rate and mark as correct this post if it helped you! Keep me posted!
Thanks,
David Castro,
03-10-2016 06:29 AM
Hello,
On the release note indicates that only affects to asa devices with HTTPS inspection. On this case the asa there isn't configured the HTTPS inspection. Should you upgrade the firmware?
Thanks a lot!
03-10-2016 02:48 PM
according to the release notes of this last interim version, there wont be any other 8.2.X, so the recommended is to have the OS upgraded to 9.X, if this does not involve any memory implications, so for a best practice, you should look forward to upgrade, and make sure the 9.x wont wreck anything in place,
Please proceed to rate and mark as correct this post if it helped you! Keep me posted!
Thanks,
David Castro,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide