Cisco Cisco Catalyst 6500 Series 7600 Series ASA Services Module Guía De Instalación
bug is present in 9.1(7), 9.5(2), 9.6(1), and some interim releases. We suggest that you upgrade to a
version that includes the fix for CSCuy34265: 9.1(7.6) or later, 9.5(3) or later, 9.6(2) or later. However,
due to the nature of configuration replication, zero downtime upgrade is not available. See
version that includes the fix for CSCuy34265: 9.1(7.6) or later, 9.5(3) or later, 9.6(2) or later. However,
due to the nature of configuration replication, zero downtime upgrade is not available. See
for more information about different methods of upgrading.
Additional Guidelines
• Upgrade impact for ASDM login when upgrading from a pre-9.2(2.4) release to 9.2(2.4) or later—If
you upgrade from a pre-9.2(2.4) release to ASA Version 9.2(2.4) or later and you use command
authorization and ASDM-defined user roles, users with Read Only access will not be able to log in to
ASDM. You must change the more command either before or after you upgrade to be at privilege level
5; only Admin level users can make this change. Note that ASDM version 7.3(2) and later includes the
more command at level 5 for defined user roles, but preexisting configurations need to be fixed manually.
authorization and ASDM-defined user roles, users with Read Only access will not be able to log in to
ASDM. You must change the more command either before or after you upgrade to be at privilege level
5; only Admin level users can make this change. Note that ASDM version 7.3(2) and later includes the
more command at level 5 for defined user roles, but preexisting configurations need to be fixed manually.
ASDM:
1
Choose Configuration > Device Management > Users/AAA > AAA Access > Authorization, and
click Configure Command Privileges.
click Configure Command Privileges.
2
Select more, and click Edit.
3
Change the Privilege Level to 5, and click OK.
4
Click OK, and then Apply.
CLI:
ciscoasa(config)#
privilege cmd level 5 mode exec command more
• Cisco ASA Clientless SSL VPN Portal Customization Integrity Vulnerability—Multiple vulnerabilities
have been fixed for clientless SSL VPN in ASA software, so you should upgrade your software to a
fixed version. See
fixed version. See
for details about the vulnerability and a list of fixed ASA versions. Also, if you
ever ran an earlier ASA version that had a vulnerable configuration, then regardless of the version you
are currently running, you should verify that the portal customization was not compromised. If an attacker
compromised a customization object in the past, then the compromised object stays persistent after you
upgrade the ASA to a fixed version. Upgrading the ASA prevents this vulnerability from being exploited
further, but it will not modify any customization objects that were already compromised and are still
present on the system.
are currently running, you should verify that the portal customization was not compromised. If an attacker
compromised a customization object in the past, then the compromised object stays persistent after you
upgrade the ASA to a fixed version. Upgrading the ASA prevents this vulnerability from being exploited
further, but it will not modify any customization objects that were already compromised and are still
present on the system.
View Your Current Version
• CLI—Use the show version command to verify the software version of your ASA.
• ASDM—The software version appears on the ASDM home page; view the home page to verify the
software version of your ASA.
Upgrade to ASA 9.4 and ASDM 7.4
3
Upgrade to ASA 9.4 and ASDM 7.4
Additional Guidelines