Cisco ISE | Log4J

This post provides a step-by-step procedure for installing the hot patch released by Cisco for ISE servers, in light of the recent Log4j vulnerability (Apache Log4j Java Logging Library).

More details: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwa47133


Installation Steps.


#1) Copy the path files to FTP/SFTP Server into disk:/;


#2) Create local repository on ISE Server via CLI;

ise/admin# conf t
ise/admin# repository local
ise/admin# url disk:/

#3) Run the patch:

ise/admin# application install <file-name> local

#4) Verify:

ise/admin# show logging application hotpatch.log

Rollback Steps.


#1) Rollback the hot patch using below command:

ise/admin# application install <rollback-file-name> local

CLI Analysis.


#1) Check filesystems:

ise/admin# show disks

#2) Verify your backups:

ise/admin# show backup status
ise/admin# show backup history

#3) ISE process status:

ise/admin# show application status ise

#4) Start/Stop application:

ise/admin# application stop ise
ise/admin# application start ise

gif

12 views0 comments

Recent Posts

See All

The Duo Authentication Proxy is an on-premises software service that receives authentication requests from your local devices and applications via RADIUS or LDAP, optionally performs primary authentic

We have already seen how Umbrella works in previous posts and now let's do the basic configuration. https://www.stenge.info/post/umbrella-va Configuration Mode on a VA Deployed: When you open the VA i

In general terms, last week, a zero-day vulnerability called Log4Shell was discovered and could be exploited by remote attackers around the world. A zero-day vulnerability is a vulnerability that has