Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
760
Views
2
Helpful
1
Replies

Cisco ISE 3.2 hotpatch installation to address CSCwk61938 OpenSSH

Gouthami Nair
Level 1
Level 1

‎08-16-2024 03:16 AM

Please confirm any reported issues with the hotpatch installed for fixing the CSCwk61938 (OpenSSH CVE-2024-6387 "regreSSHion" vulnerability). Our ISE version Cisco ISE 3.2 patch 5.

0 Helpful
1 Reply 1

Arne Bier
VIP
VIP

‎08-18-2024 01:32 PM

I have not applied any hotpatches for CVE's since my ISE deployments are all intranet-facing devices. I will rather wait for the next regular patches and apply those. I reserve the use of hotpatches for things that fix a burning issue that can affect my users. Not saying it's wrong to apply an openssh patch - but this CVE IMHO does not warrant a hotpatch, And generally, applying a hotpatch should not break your ISE deployment, since they are only replacing a very small thing in ISE. 

If you're still unsure, patch one lab node (and then one production node) and then always test your services before proceeding to the next nodes. I use that methodology all the time and it's never let me down 

Customers Also Viewed These Support Documents