Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

ASA Patching, Assessments

I am having a hell of a time just trying to identify which out of the 524 security advisories are applicable to our devices. We have these versions of ASA spftware on our network:

IOS 8_0(4)

IOS 8_2(1)

IOS 8_3(2)

IOS 8_4(3)8

IOS 9_1(1)

Does anyone know how to widdle down the 524 advisories to only those applicable to ASAs or, even better, these specific versions of ASA software?

I've search cisco's resources up and down. The only way I can see to do this would be to analyze all 524 against each OS... but this is error prone and its insain to expect each customer to do this classification when it really only needs to be done once by the vendor. Am I missing something?

Another Attempted Method (Example):Trying to identify applicable security advisories to 8.0(4) for an ASA 5540.

1.       So I go to this site and select 8.0.4.ED, which I assume is the same as 8.0(4): http://software.cisco.com/download/release.html?mdfid=279916880&flowid=4375&softwareid=280775065&release=9.1.2.ED&relind=AVAILABLE&rellifecycle=&reltype=latest

2.       I then scroll down to the bottom where it says “related information” and select “Security Advisories, Responses & Notices”. This presents me with a list of 17 Security Advisories.

     a.       Does this list represent advisories that are present or that are resolved with this release?

3.       If I scroll back up and click on the actual bin file, a popup is displayed with another Security Advisories, Responses & Notices link. Click on this and I am taken to this page: http://www.cisco.com/en/US/products/ps6120/prod_security_advisories_list.html

     a.       Here the site is telling me that there are 8 Security Advisories associated with ASA 5540. Why 17 on one page and 8 on another? Is one      resolved advisories? The variability doesn’t make sense to me otherwise, but which list is which... and is this information definitive or just a guess?

There has to be a way to get a definitive and accurate list of applicable patches (without consideration for how the device is configured, i.e. assuming a worst case scenario, so that all 524 advisories don't have to be analyzed).

Everyone's tags (3)
135
Views
0
Helpful
0
Replies