Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
8263
Views
0
Helpful
4
Comments

ACS 5.5 - Upgrade procedure

Javier Portuguez
Level 9
Level 9

‎03-03-2014 09:29 AM - edited ‎02-21-2020 10:00 PM

 

 

Introduction

 

Due to the release of the Multiple Vulnerabilities in Cisco Secure Access Control System advisory an upgrade to ACS 5.5 is now required.

 

 

 5.05.15.25.35.4
Cisco Secure ACS RMI Privilege Escalation VulernabilityMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5
Cisco Secure ACS RMI Unauthenticated User Access VulnerabilityMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5 or laterMigrate to 5.5
Cisco Secure ACS Operating System Command Injection VulnerabilityMigrate to 5.4 or laterMigrate to 5.4 or laterMigrate to 5.4 or laterMigrate to 5.4 or later5.4 Patch 3
First Fixed release for all vulnerabilities in this advisory
    5.5

 

 

New and Changed Features

 

The following sections briefly describe the new and changed features in the 5.5 release:

 

 

 

Source: http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/release/notes/acs_55_rn.html#pgfId-71092

 

Steps to upgrade to 5.5

 

Due to CSCum04132 and CSCum26584, the following steps should be followed:

 

 

  • Install the appropiate Pointed patch available for the current ACS version.

 

 

 

          For 5.3 --> Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg

 

          For 5.4 --> Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg

 

  • Install the 5.5 upgrade package: ACS_5.5.0.46.tar.gz

 

  • Install the cumulative 5.5 patch: 5-5-0-46-1.tar.gpg

 

  • To upgrade from ACS 5.4 to 5.5 patch-1, it is important to run the command "database-compress"  prior to installing the Pointed Patch.

 

Note: In case of a Distributed deployment scenario, please deregister the secondary from the primary before the upgrade. Once both appliances run 5.5, including the cumulatve patch, register the secondary again.

 

Useful commands

 

  • show version

 

  • show repository your_repository

 

  • show application status acs

 

  • acs install patch Pointed-PreUpgrade-CSCum04132-5-3-0-40.tar.gpg repository your_repository

 

  • application upgrade ACS_5.5.0.46.tar.gz your_repository

 

 

HTH.

 

- Javier

Labels:
0 Helpful
Comments
cciesec2011
Level 3
Level 3
‎03-03-2014 01:46 PM

To upgrade from ACS 5.4 to 5.5 patch-1, it is VERY important to you need to run "compress-database" in ACS 5.4 prior to installing the Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg. 

It happened to me when I tried to upgrade from ACS 5.4 to ACS 5.5 patch-1.  The upgrade was not successful unless I ran "compress-database" prior to the Pointed-PreUpgrade-CSCum04132-5-4-0-46-0a.tar.gpg patch. 

After I ran "compress-database", I then applied the Pointed patch, then the upgrade to ACS 5.5 went very smoothly.

Javier Portuguez
Level 9
Level 9
‎03-03-2014 03:19 PM

Hi,

I haven't needed to run the database compress command, but you are right it is a good step and it is part  of the success of the upgrade.

It is now included in the document.

Thanks for sharing your feedback.

rodmunch999
Level 1
Level 1
‎03-07-2014 09:02 PM

Should the upgrade procedure also mention that if someone is running 5.0, 5.1 or 5.2 they should upgrade to 5.3 or 5.4 before uprgading to 5.5 ?

clemente
Level 1
Level 1
‎11-30-2015 08:08 AM

HI,

If I want to upgrade from ACS 5.5.0.46.x to 5.5.0.46.10, it can be done with the file 5-5-0-46-10.tar.gpg ?

Running the command:

  • application upgrade 5-5-0-46-10.tar.gpg repository-name

Thanks

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents