ACS 5.5 - Upgrade procedure

Javier Portuguez · ‎03-03-2014

Steps to upgrade to 5.5
Useful commands

Introduction

Due to the release of the Multiple Vulnerabilities in Cisco Secure Access Control System advisory an upgrade to ACS 5.5 is now required.

	5.0	5.1	5.2	5.3	5.4
Cisco Secure ACS RMI Privilege Escalation Vulernability	Migrate to 5.5 or later	Migrate to 5.5 or later	Migrate to 5.5 or later	Migrate to 5.5 or later	Migrate to 5.5
Cisco Secure ACS RMI Unauthenticated User Access Vulnerability	Migrate to 5.5 or later	Migrate to 5.5 or later	Migrate to 5.5 or later	Migrate to 5.5 or later	Migrate to 5.5
Cisco Secure ACS Operating System Command Injection Vulnerability	Migrate to 5.4 or later	Migrate to 5.4 or later	Migrate to 5.4 or later	Migrate to 5.4 or later	5.4 Patch 3
First Fixed release for all vulnerabilities in this advisory					5.5

New and Changed Features

The following sections briefly describe the new and changed features in the 5.5 release:

Source: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/release/notes/acs_55_rn.html#pgfId-71092

Steps to upgrade to 5.5

Due to CSCum04132 and CSCum26584, the following steps should be followed:

Install the appropiate Pointed patch available for the current ACS version.

For 5.3 --> Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg

For 5.4 --> Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg

Install the 5.5 upgrade package: ACS_5.5.0.46.tar.gz

Install the cumulative 5.5 patch: 5-5-0-46-1.tar.gpg

To upgrade from ACS 5.4 to 5.5 patch-1, it is important to run the command "database-compress" prior to installing the Pointed Patch.

Note: In case of a Distributed deployment scenario, please deregister the secondary from the primary before the upgrade. Once both appliances run 5.5, including the cumulatve patch, register the secondary again.

Useful commands

show version

show repository your_repository

show application status acs

acs install patch Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg repository your_repository

application upgrade ACS_5.5.0.46.tar.gz your_repository

HTH.

- Javier

cciesec2011 · ‎03-03-2014

To upgrade from ACS 5.4 to 5.5 patch-1, it is VERY important to you need to run "compress-database" in ACS 5.4 prior to installing the Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg.

It happened to me when I tried to upgrade from ACS 5.4 to ACS 5.5 patch-1. The upgrade was not successful unless I ran "compress-database" prior to the Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg patch.

After I ran "compress-database", I then applied the Pointed patch, then the upgrade to ACS 5.5 went very smoothly.

Javier Portuguez · ‎03-03-2014

Hi,

I haven't needed to run the database compress command, but you are right it is a good step and it is part of the success of the upgrade.

It is now included in the document.

Thanks for sharing your feedback.

rodmunch999 · ‎03-07-2014

Should the upgrade procedure also mention that if someone is running 5.0, 5.1 or 5.2 they should upgrade to 5.3 or 5.4 before uprgading to 5.5 ?

clemente · ‎11-30-2015

HI,

If I want to upgrade from ACS 5.5.0.46.x to 5.5.0.46.10, it can be done with the file 5-5-0-46-10.tar.gpg ?

Running the command:

application upgrade 5-5-0-46-10.tar.gpg repository-name

Thanks