IME includes old JRE and MySQL versions with known vulnerabilities?
Cisco IME experts,
I just installed IME, and noticed that it includes an old 2009-vintage MySQL version that has known security vulnerabilities. It also uses a private JRE version that is fairly old (1.6u7, IIRC). I would like to use IME, but I have to meet fairly stringent security requirements, and these vulnerable versions of bundled products are going to raise red flags. Can I delete the private JRE directory and modify the .ini files to point to the 1.6u23 JRE installed on the system? Can the MySQL version be upgraded to >= v5.1.52, or can you explain why it is not a threat to system security? Granted, the system running IME is within a protected network, but we are trying to implement defense-in-depth principles, and attacks can sometimes come from insiders with a flash drive or CD. Thanks for your answers in advance!
Re: IME includes old JRE and MySQL versions with known vulnerabi
Usually we don't support modifying the underlying subsystems, as they are not tested together and problems might happen.
If you are already running on the latest IME (7.0.3), please open a TAC Service request (you can do it from this thread). This way we can discuss with development about fixing this in IME to either upgrade the JRE/MySQL or at least patch them to fix any known vulnerabilities there.