The firmware update package updates the Cisco Integrated Management Controller (IMC) firmware. This update package contains the fix for the vulnerabilities detailed in CVE-2024-20295 and CVE-2024-20356.
Note: The update for Cisco IMC firmware is available only for appliances that require upgrade. If you are running a supported version of AsyncOS and you do not see the upgrade package with the description Firmware update package Cisco IMC CVE-2024-20295 CVE-2024-20356 in the list of available upgrades, you can assume that your appliance does not require an upgrade and skip this upgrade process.
Appliances Covered by Cisco IMC Firmware Update
● S195, S395, S695/F
● S196, S396, S696/F
Supported Software Versions for Cisco IMC Firmware Update
If you are running an AsyncOS version that is not listed in this section, upgrade your AsyncOS to any of the following versions before installing the firmware patch:
● 15.0.0-355
● 15.1.0-287
● 15.2.0-116
● 15.2.0-164
Cisco IMC Firmware Update Installation Instructions
Follow the instructions provided here to obtain and install the Cisco IMC firmware update.
Note: In this document, upgrade and update are used interchangeably.
Step 1. From the Secure Web Appliance GUI, choose System Administration > Configuration File.
Step 2. Click Download file to local computer to view or save.
Step 3. Under Password Display Options, click the Encrypt passwords in the Configuration Files radio button, and then click either the Use system-generated file name or the Use user-defined file name radio button to specify how to generate the file name. If you click the Use user-defined file name radio button, enter the file name in the corresponding field.
Step 4. Click Submit.
Install the Cisco IMC Firmware Update
Step 1. Access the CLI. For details about accessing the CLI, see the Cisco Secure Web Appliance User Guide.
Note: For the update to run successfully, you must perform the upgrade from the CLI.
Step 2. In the CLI, enter upgrade.
Step 3. Select the DOWNLOADINSTALL option. Note that you must select the DOWNLOADINSTALL option for this update to work properly.
Step 4. Enter the number of the Cisco IMC firmware update package with the description Firmware update package Cisco IMC CVE-2024-20295 CVE-2024-20356.
Step 5. When prompted to save the current configuration to the configuration directory, enter N if you do not want to save the current configuration. The default value is Y.
Step 6. Choose the password option from the list and press Enter.
Step 7. Enter Y when you are asked if you want to proceed with the upgrade.
The following message is displayed:
BMC firmware update:
====================
Updating BMC from 4.0(1e) to 4.2(3j). This may take some time please wait...
BMC Update complete
Activating BMC. Please wait...
CIMC login will be disconnected, Please connect after two mins
Activation of BMC firmware successful
Current running version of BMC: 4.2(3j)
Upgrade installation finished.
Note:
· Because Cisco IMC firmware update does not require a reboot, the system will not reboot after the upgrade process.
· The firmware update package is displayed in the list of available upgrades even after successful installation. However, this does not mean that the firmware upgrade was unsuccessful.
Step 8. (Optional) Verify the Cisco IMC firmware update using the version command. If the baseboard management controller (BMC) version is updated to 4.02, it indicates that the update was successful.
Example:
UDI: S195 VA0 WZP231206NK
Name: S195
Product: Cisco S195 Secure Web Appliance
Model: S195
Version: 15.0.0-355
Build Date: 2023-07-12
Install Date: 2023-07-12 15:28:41
Serial #: D4789B004502-WZP231206NK
BIOS: C220M5.4.0.1h.0.1108182337
RAID: 50.1.0-1456
RAID Status: Optimal
RAID Type: 1
BMC: 4.02
Cisco DVS Engine: 1.0 (Never Updated)
Cisco DVS Malware User Agent Rules: 0.554 (Never Updated)
Cisco DVS Object Type Rules: 0.554 (Never Updated)
Cisco Trusted Root Certificate Bundle: 2.4 (Tue Jun 04 19:22:28 2024)
Cisco Certificate Blocked List: 1.3 (Tue Jun 04 19:22:28 2024)
How-Tos: 1.0 (Never Updated)
Youtube Categorization engine: 1.0.0 (Never Updated)
Note: If the update fails even after multiple attempts, contact Cisco TAC for assistance.
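An added example, not part of Cisco's documentation: a Python check that parses saved output of the version command and reports where an appliance stands, using the model list, AsyncOS versions and BMC value given in this document. The expansion of "/F" into separate model names, the status strings, the appliance names and the sample inputs are assumptions constructed for illustration.

```python
# Values below come from this document unless marked as an assumption.
COVERED_MODELS = {"S195", "S395", "S695", "S695F",   # "/F" expanded into
                  "S196", "S396", "S696", "S696F"}   # two names: assumption
SUPPORTED_ASYNCOS = {"15.0.0-355", "15.1.0-287", "15.2.0-116", "15.2.0-164"}
UPDATED_BMC = "4.02"  # BMC value that Step 8 treats as a successful update

def parse_version_output(text):
    """Parse 'Key: value' lines of saved `version` output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and key.strip():
            fields[key.strip()] = value.strip()
    return fields

def assess(text):
    """Return a status string (names are illustrative) for one appliance."""
    f = parse_version_output(text)
    model, asyncos, bmc = f.get("Model"), f.get("Version"), f.get("BMC")
    if not (model and asyncos and bmc):
        return "unknown: Model, Version or BMC missing from output"
    if model not in COVERED_MODELS:
        return "not covered by this update"
    if bmc == UPDATED_BMC:
        return "updated"
    if asyncos not in SUPPORTED_ASYNCOS:
        return "upgrade AsyncOS first"
    return "check upgrade list for the firmware package"

# Constructed sample inputs (trimmed; BMC 4.00 and 14.5.0-000 are made up).
SAMPLES = {
    "swa-a": "Model: S195\nVersion: 15.0.0-355\nInstall Date: 2023-07-12 15:28:41\nBMC: 4.02\n",
    "swa-b": "Model: S396\nVersion: 15.2.0-164\nBMC: 4.00\n",
    "swa-c": "Model: S695F\nVersion: 14.5.0-000\nBMC: 4.00\n",
    "swa-d": "Model: S195\nVersion: 15.0.0-355\n",
}

if __name__ == "__main__":
    for name, output in SAMPLES.items():
        print(f"{name}: {assess(output)}")
```

The last status only says the appliance is eligible to look for the package; as noted earlier in this document, an appliance that does not list the package in the available upgrades does not require it.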
This section provides information about the hardware and software user documentation available for Secure Web Appliances. To find a document online, use one of the links provided in the following table.
Document Name | Location
User Guide for Cisco Web Security Appliances | https://www.cisco.com/c/en/us/support/security/web-security-appliance/products-user-guide-list.html
Secure Web Appliance Release Notes, ISE Compatibility Matrix, and Ciphers |
Hardware installation and Getting started guides for Secure Web Appliances |
Cisco Support Community is an online forum for Cisco customers, partners, and employees. It provides a place to discuss general web security issues as well as technical information about specific Cisco products. You can post topics to the forum, ask questions, and share information with other Cisco users.
Access the Cisco Support Community at:
https://supportforums.cisco.com/community/5786/web-security
© 2024 Cisco and/or its affiliates. All rights reserved.