Cisco Cisco Content Security Management Appliance M690 Notas De La Versión
2
Release Notes for the June 25, 2015 SSH Vulnerability Patch for Cisco Content Security Virtual Appliances
Installation Instructions
URL:
You can view some details by clicking the link to view bug information in the Cisco Bug Search Tool.
Installation Instructions
Before Installation
Before installing the patch, perform any pre-upgrade tasks that are documented in the release notes and
online help or user guide for your release(s).
online help or user guide for your release(s).
The appliance will prompt you to reboot after installing the patch. This reboot is required.
This patch should take only a few minutes to install.
If you are updating a Security Management appliance:
•
You will need appropriate credentials for managed appliances in order to re-establish connection to
those appliances after installation.
those appliances after installation.
•
If you use centralized configuration management for Web Security appliances, you will need to
reassign the configuration master to each appliance after installing the patch. Suggestion: Before
you install the patch, take a screen shot of the list on the Web > Utilities > Configuration Masters >
Edit Appliance Assignment List page.
reassign the configuration master to each appliance after installing the patch. Suggestion: Before
you install the patch, take a screen shot of the list on the Web > Utilities > Configuration Masters >
Edit Appliance Assignment List page.
Installing the Patch
Instructions:
•
You must use the command-line interface (CLI) to install this patch. Do NOT use the web interface
to install this patch, even if you see this patch among the upgrade options.
to install this patch, even if you see this patch among the upgrade options.
•
Use the
upgrade
command and select
cisco-sa-20150625-ironport SSH Keys Vulnerability
Fix.
•
For email and management appliances (ESA and SMA), if
downloadinstall
is available as an
upgrade
option on your release, you MUST use it. The
download
option does not work for this patch.
•
Bug Description
Virtual ESA not generating new SSH HostKey post deployment
Virtual ESA: preinstalled keys allow remote root access without customer’s consent
Virtual WSA not generating new SSH HostKey post deployment
Virtual WSA: preinstalled keys allow remote root access without customer’s consent
Virtual SMA not generating new SSH HostKey post deployment
Virtual SMA: preinstalled keys allow remote root access without customer’s consent