09-08-2020 12:32 PM
I have several Cisco ASA 5525-X's and we only run Command Line on them. I can see the ASDM image on the flash but I've never updated it because we don't use it. Would there be a reason to update ASDM if it's not used?
09-08-2020 12:41 PM
Hi,
If you aren't using ASDM, then there is possibly no need to upgrade.
If, however, you do need to use ASDM at some point in the future, then you should have the latest version to ensure any new feature available in ASA software is configurable via ASDM.
HTH
09-08-2020 12:46 PM
That makes sense. I just want to make sure that if a CVE is published in the future regarding ASDM, I could possibly ignore it because it does not apply to my system, or whether there is some nuanced functionality that ASDM operates internally that could affect the system software.
09-08-2020 03:43 PM
Personally, my suggestion is: even though you are not using ASDM, it is good to put on the latest version that is in line with your ASA version, as part of the upgrade process. Make sure you have done all the tick boxes, because some auditing is not good - they point to EOL code in ASA.
09-08-2020 04:37 PM
Whether ASDM is used or not, update or risk getting the network "pwn-ed".
There are a number of ASA vulnerabilities that are actively being exploited.
09-08-2020 05:12 PM
Keep your network sanitized by having all patches/software up to date. It's the best that you can do to lower the surface and reduce risk to the business.
09-09-2020 12:16 AM
If you never use it then remove the image from flash and make sure there is no "http server enable" line in the config. That way you don't expose the older (and potentially vulnerable to security-related defects) image.
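The check suggested in the last reply, written as an added example that is not part of the original thread: a small offline audit of a saved running-config for the lines that keep ASDM reachable. The sample config, hostname, interface names and image filename are constructed placeholders, and only IPv4 `http` allow lines are handled.

```python
import re

# Constructed sample of a saved ASA running-config; every value is illustrative.
SAMPLE_CONFIG = """\
hostname edge-asa-01
asdm image disk0:/asdm-EXAMPLE.bin
http server enable 8443
http server idle-timeout 10
http 192.0.2.0 255.255.255.0 management
http 0.0.0.0 0.0.0.0 outside
ssh 192.0.2.0 255.255.255.0 management
"""

HTTP_SERVER = re.compile(r"^http server enable(?:\s+(\d+))?$")
HTTP_ALLOW = re.compile(r"^http\s+(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s+(\S+)$")
ASDM_IMAGE = re.compile(r"^asdm image\s+(\S+)$")


def parse_asdm_settings(config_text):
    """Collect the lines that decide whether the ASDM/HTTPS server is reachable."""
    state = {"enabled": False, "port": None, "allowed": [], "image": None}
    for raw in config_text.splitlines():
        line = raw.strip()
        if m := HTTP_SERVER.match(line):
            state["enabled"] = True
            state["port"] = int(m.group(1)) if m.group(1) else 443  # 443 is the default
        elif m := HTTP_ALLOW.match(line):
            state["allowed"].append(m.groups())  # (network, mask, interface)
        elif m := ASDM_IMAGE.match(line):
            state["image"] = m.group(1)
    return state


def audit(config_text):
    """Return findings for a device where ASDM is meant to be unused."""
    s = parse_asdm_settings(config_text)
    findings = []
    if s["enabled"]:
        findings.append(f"http server enabled on tcp/{s['port']}")
        for net, mask, ifc in s["allowed"]:
            scope = "any source" if mask == "0.0.0.0" else f"{net} {mask}"
            findings.append(f"management HTTPS allowed from {scope} on {ifc}")
    if s["image"]:
        findings.append(f"asdm image still configured: {s['image']}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FINDING:", finding)
```

An empty result means the saved config no longer enables the HTTP server or references an ASDM image; whether the image file is still on flash has to be checked on the device itself.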