Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
849
Views
0
Helpful
3
Replies

Supported ASA version that not have an impact for SAML integration

Go to solution
arumugasamy
Level 1
Level 1

‎06-22-2023 02:27 AM

We would like to request for an advice for the below vulnerability on Cisco Anyconnect :

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw

Our current version info as below:

Cisco Anyconnect client ver.- 4.10.06079

ASA 5545/85

Cisco ASA ver- 9.14(4)

ASDM version – 7.16(1)150

VPN users Authentication method – SAML integrated.

Kindly review and let us know about the upgrade requirements.  Please help me.

In my knowledge, the ASA 5500 supports max version 9.14. (4) that is not supporting the required VPN client that prevents the said vulnerability.We need to upgrade the ASA to 9.17.X that this particular model would not support.

Minimum ASA/ASDM Release Requirements for Specified Features

  • We must upgrade to Secure Firewall ASA 9.17.x (or later) and ASDM 7.17.x (or later)

ASA 9.14(x) was the final version for the ASA 5525-X, 5545-X, and 5555-X

Please give your finding.

 

 

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Aref Alsouqi
VIP
VIP

‎06-22-2023 05:56 AM

You are right, the latest you can install on those boxes is the 9.14. However, the vulnerability link is referring to AnyConnect, not to the ASA code in itself unless I missed something. In that case, you just need to upgrade the AnyConnect image on those boxes without worrying about upgrading the codes.

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Aref Alsouqi
VIP
VIP

‎06-22-2023 05:56 AM

You are right, the latest you can install on those boxes is the 9.14. However, the vulnerability link is referring to AnyConnect, not to the ASA code in itself unless I missed something. In that case, you just need to upgrade the AnyConnect image on those boxes without worrying about upgrading the codes.

0 Helpful

Go to solution
arumugasamy
Level 1
Level 1
In response to Aref Alsouqi

‎06-22-2023 06:14 AM

Thank you so much
It clearing says the version higher than 9.14 is need to support Latest Anyconnect client but you suggest to use the latest client with the same ASA image 9.14.(4).
Please confirm again. ASA 9.14.(4) is the final version installed
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎06-22-2023 06:26 AM

https://www.cisco.com/c/en/us/td/docs/security/asa/compatibility/asamatrx.html

According to cisco doc. 9.14 is last ver. For asa 5525/5545/5555

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card