Python 3.0 migration will be available starting w/ AsyncOS 14.2. 14.2 is expected Spring 2022. Please stay tuned for more information!
Python on Cisco Secure Email
The Python package used in our appliances is not a standard deployment --- just like AsyncOS is not your typical FreeBSD (a free and open-source Unix-like operating system descended from the Berkeley Software Distribution, which was based on Research Unix).
CVE-2018-1061 – This vulnerability is not affecting ESA
Filed Defects
Be sure to check out the following filed defects as well:
CSCum44746- to hide the Python version on HTTP banner, but no impact for ESA service / operations.
CSCvx65163- a general request for Python version 3 upgrade so there is no need to fix CVE relating to 2.4.6 in the future, completion timeline is 1.5 years from now.
Customer Concerns
How to address, when customer concerned, outside of the list above:
Cisco continues to fix CVE that are reported to PSIRT until Python is upgraded to v3.0
Python v3.0 on AsyncOS is planned as part of AsyncOS 15.0 release (CY2022)
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: