cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

ACS 5.5 - Upgrade procedure

5970
Views
0
Helpful
4
Comments

 

 

Introduction

 

Due to the release of the Multiple Vulnerabilities in Cisco Secure Access Control System advisory an upgrade to ACS 5.5 is now required.

 

 

 5.05.15.25.35.4
Cisco Secure ACS RMI Privilege Escalation VulernabilityMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5
Cisco Secure ACS RMI Unauthenticated User Access VulnerabilityMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5
Cisco Secure ACS Operating System Command Injection VulnerabilityMigrate to 5.4 or laterMigrate to 5.4 or laterMigrate to 5.4 or laterMigrate to 5.4 or later5.4 Patch 3
First Fixed release for all vulnerabilities in this advisory
    5.5

 

 

New and Changed Features

 

The following sections briefly describe the new and changed features in the 5.5 release:

 

 

 

Source: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/release/notes/acs_55_rn.html#pgfId-71092

 

Steps to upgrade to 5.5

 

Due to CSCum04132 and CSCum26584, the following steps should be followed:

 

 

  • Install the appropiate Pointed patch available for the current ACS version.

 

 

 

          For 5.3 --> Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg

 

          For 5.4 --> Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg

 

  • Install the 5.5 upgrade package: ACS_5.5.0.46.tar.gz

 

  • Install the cumulative 5.5 patch: 5-5-0-46-1.tar.gpg

 

  • To upgrade from ACS 5.4 to 5.5 patch-1, it is important to run the command "database-compress"  prior to installing the Pointed Patch.

 

Note: In case of a Distributed deployment scenario, please deregister the secondary from the primary before the upgrade. Once both appliances run 5.5, including the cumulatve patch, register the secondary again.

 

Useful commands

 

  • show version

 

  • show repository your_repository

 

  • show application status acs

 

  • acs install patch Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg repository your_repository

 

  • application upgrade ACS_5.5.0.46.tar.gz your_repository

 

 

HTH.

 

- Javier

Comments
Participant

To upgrade from ACS 5.4 to 5.5 patch-1, it is VERY important to you need to run "compress-database" in ACS 5.4 prior to installing the Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg. 

It happened to me when I tried to upgrade from ACS 5.4 to ACS 5.5 patch-1.  The upgrade was not successful unless I ran "compress-database" prior to the Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg patch. 

After I ran "compress-database", I then applied the Pointed patch, then the upgrade to ACS 5.5 went very smoothly.

Hi,

I haven't needed to run the database compress command, but you are right it is a good step and it is part  of the success of the upgrade.

It is now included in the document.

Thanks for sharing your feedback.

Beginner

Should the upgrade procedure also mention that if someone is running 5.0, 5.1 or 5.2 they should upgrade to 5.3 or 5.4 before uprgading to 5.5 ?

Beginner

HI,

If I want to upgrade from ACS 5.5.0.46.x to 5.5.0.46.10, it can be done with the file 5-5-0-46-10.tar.gpg ?

Running the command:

  • application upgrade 5-5-0-46-10.tar.gpg repository-name

Thanks

CreatePlease to create content
Content for Community-Ad
FusionCharts will render here