04-07-2018 11:01 AM - edited 03-08-2019 02:34 PM
Hi fellow network ninjas,
We have c3850 (WS-C3850-24-T) running with ip services license and version 03.06.06E (Version 03.06.06E RELEASE SOFTWARE (fc1)) when we checked the software we noticed that software version effected with vstack vulnerability and we want to upgrade to latest stable version afterI have checked the Cisco IOS software checker for version 3.6.8E it doesnt seems to be effected with this vulnerability.
Is there anyone gone through the same issue. I want to learn your experiences and any heads up before upgrading.
Also saw the notice for upgrades from prior to 3.6.3. Am I clear to go with 3.6.6E
Note: Software defect CSCuw82216may result in switch inoperability due to flash memory corruption when upgrading from a pre-3.6.3 or pre-3.7.2 software release to 3.6.3/3.7.2 in install mode. This issue is resolved in 3.6.4 or 3.7.3 or later software therefore the issue is not seen when upgrading to these software versions. As a result of this software defect, bundle mode is recommended for upgrades involving the effected software versions
thanks in advance
Solved! Go to Solution.
04-07-2018 04:42 PM - edited 04-07-2018 04:43 PM
The Cisco Security Advisory Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability & Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability are more updated as compared to the Bug ID.
The Smart Install function is enabled by default but can be disabled by using the command "no vstack". Since Smart Install is found in all versions of IOS-XE there's no "escaping" a version which doesn't have this feature.
Next, in regards to software version selection. I agree with Reza, unless you have urgent operational requirement(s) to go 16.X, for stability purposes, staying with 3.6.X or 3.7.X is better.
With that said, read the Release Notes because it will spell whether your stack or network is stable or not.
04-07-2018 12:52 PM
Hi,
The suggested version of Cisco's site is:
cat3k_caa-universalk9.SPA.03.06.08.E.152-2.E8.bin
Unless you want to go with Denali and the recommended version is:
cat3k_caa-universalk9.16.03.05b.SPA.bin
That said, before you upgrade to any version, read the release notes carefully.
HTH
04-07-2018 04:42 PM - edited 04-07-2018 04:43 PM
The Cisco Security Advisory Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability & Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability are more updated as compared to the Bug ID.
The Smart Install function is enabled by default but can be disabled by using the command "no vstack". Since Smart Install is found in all versions of IOS-XE there's no "escaping" a version which doesn't have this feature.
Next, in regards to software version selection. I agree with Reza, unless you have urgent operational requirement(s) to go 16.X, for stability purposes, staying with 3.6.X or 3.7.X is better.
With that said, read the Release Notes because it will spell whether your stack or network is stable or not.
04-08-2018 01:13 AM
hi,
thanks for the recommendations, is it possible to upgrade directly from version 3.6.6 to 16.X.
I am also not familiar with the licensing modeling of 16.X.
04-08-2018 01:30 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide