Old Cisco ASA 5505 fix for CVE-2018-0101

Atilgod
Level 1

A short scan was done on the basis of CVE-2018-0101. An old Cisco ASA 5505 turned up.

It has not been updated for a while, and it has been running for more than four years.

It is currently running IOS 8.4 (4) and ASDM 6.4 (9).

We are not entirely sure of the upgrade path.

As far as we have found:
IOS 8.4 (4) to 9.0 (4) to 9.1.7 (151)

However, we are not sure whether IOS 9.1.7 (151) is the latest version with the fix for CVE-2018-0101.

Is this the correct IOS version, or is there a newer (intermediate) version for this issue?


yogdhanu
Cisco Employee

Hi Arne,

This link would be helpful.

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1

It lists all the software releases that have the fix.

You can also read the blog here.

https://blogs.cisco.com/security/cve-2018-0101

Hope it helps,

Yogesh

Mark DeLong
Level 4

Hey Arne,

You're on the right path. The classic series of ASAs (5500 rather than 5500-X) can't be upgraded past 9.1.7, as that is the last code supported on these models. Also, the 9.1.7 train is the only one Cisco is currently maintaining for these older ASAs. Cisco is only maintaining 9.1.7 to add interim releases to fix vulnerabilities. (An interim release is denoted by the fourth number place in the version. So 9.1.7.5 would be 9.1.7 Interim 5. Sometimes it is shown as 9.1(7)5. Same thing.) So for any classic ASA you will have to upgrade to a 9.1.7.X release to get a fix for any new vulnerabilities.

That said, as seen in the link to the vulnerability below, 9.1.7 interim 23 (or 9.1.7.23) is the appropriate fixed code for this vulnerability. It is also the newest interim available. I have not seen an interim 150 (or 9.1.7.150) released. I'm not sure where you saw that mentioned.

Your upgrade path as per the release notes should be:

8.4.4 to 9.0.4 to 9.1.7

That said, if it was my ASA, I would be tempted to just take a backup of the config and try to upgrade right to 9.1.7, and just roll back if I had any issues. To my knowledge there are not many syntax changes between these versions (8.3 was where most major changes in config syntax occurred in the classic ASA code, as that is where they changed the NAT system and added Real IP).

But if you want to go the safe path and follow the release note path that is fine as well.

Due to this vulnerability, I have been upgrading a lot of classic and next-gen ASAs. On the classics I have done 8.4 and 9.0 to 9.1.7.23 and haven't had any issues, except for a really old 5505 dying on reboot, but that was a hardware failure.

I put the ASA upgrade guide below to help you out.

Oh, and while you're at it, you will need to upgrade your ASDM image to 7.5.2 or higher to support 9.1.7.X (as seen in the ASA compatibility guide I linked below). As they are currently maintaining this train, you should be able to go to the newest ASDM if you want (7.9.X). Cisco doesn't make software recommendations for ASDM; instead they just recommend going to the newest. But anywhere between 7.5.2 and 7.9.X should work for you. If the newest ones don't work, just backtrack a little. It's possible that the newest doesn't work, as 5505s are legacy.

Release notes, Upgrade Path: Release Notes for the Cisco ASA Series, 9.1(x) - Cisco

Vulnerability, Fixed Software, Fixed Releases section: Cisco Adaptive Security Appliance Remote Code Execution and Denial of Service Vulnerability

ASA Upgrade Guide: Cisco ASA Upgrade Guide - Upgrade the ASA Appliance or ASAv [Cisco ASA 5500-X Series Firewalls] - Cisco

ASA Compatibility Guide, Check 9.1 to 9.2 ASA and ASDM Compatibility Section: Cisco ASA Compatibility - Cisco

Thanks!

Mark
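As an added example (not from the thread or from Cisco), a small Python helper that normalises the two version notations Mark describes (9.1.7.23 and 9.1(7)23), reports whether a classic 5500 is at or past the 9.1(7)23 interim he names as fixed, and lists the remaining steps on the quoted 8.4(4) -> 9.0(4) -> 9.1(7) path. The path and fixed release are taken as stated in the reply; the parsing rules and sample inventory are assumptions of the example.

```python
import re
from typing import List, Tuple

Version = Tuple[int, int, int, int]  # (major, minor, maintenance, interim)

# Accepts the notations seen in the thread: "9.1(7)23", "9.1.7.23",
# "8.4 (4)" and the "9.1.(7)5" variant. A missing interim counts as 0.
_VERSION_RE = re.compile(
    r"^\s*(\d+)\.(\d+)\s*(?:\.?\((\d+)\)|\.(\d+))?\s*(?:\.?(\d+))?\s*$"
)

# Fixed release named in the reply for the classic 5500 series: 9.1(7)23.
FIXED_CLASSIC: Version = (9, 1, 7, 23)

# Upgrade path quoted from the release notes for a box on 8.4(4):
# 8.4(4) -> 9.0(4) -> 9.1(7), then the 9.1(7)23 interim.
PATH_STEPS: List[Version] = [(9, 0, 4, 0), (9, 1, 7, 23)]


def parse_asa_version(text: str) -> Version:
    """Normalise an ASA version string to a comparable tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised ASA version string: {text!r}")
    major, minor, paren_maint, dot_maint, interim = m.groups()
    maint = paren_maint or dot_maint or 0
    return (int(major), int(minor), int(maint), int(interim or 0))


def format_asa_version(v: Version) -> str:
    """Render a tuple in show-version style, e.g. 9.1(7)23."""
    major, minor, maint, interim = v
    base = f"{major}.{minor}({maint})"
    return f"{base}{interim}" if interim else base


def is_fixed_classic(version: str) -> bool:
    """True when a classic 5500 is on the 9.1(7) train at interim 23 or later.
    Other trains have their own first-fixed releases; check the advisory."""
    v = parse_asa_version(version)
    return v[:3] == FIXED_CLASSIC[:3] and v[3] >= FIXED_CLASSIC[3]


def upgrade_path(current: str) -> List[str]:
    """Remaining steps on the quoted path; empty once at or past 9.1(7)23."""
    v = parse_asa_version(current)
    return [format_asa_version(step) for step in PATH_STEPS if step > v]


if __name__ == "__main__":
    # Constructed sample inventory; the 8.4(4) entry matches the original post.
    for ver in ["8.4 (4)", "9.0(4)", "9.1(7)5", "9.1.7.23"]:
        print(f"{ver:>10}: fixed={is_fixed_classic(ver)} path={upgrade_path(ver)}")
```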

Atilgod
Level 1

Yogesh and Mark, thanks this will help us a lot.

It helped us to finalize our change plan.


Thanks,

Arne

Thanks, Arne! Make sure to pick "Correct" and "Helpful" answers. It helps those of us who live for fake internet points. Also, it helps users that are searching for answers find the right ones. And it lets those of us who answer questions know this one is already answered.

Thanks!

Mark
