Installing Software Maintenance Update for Spring4Shell Vulnerability
Installing Software Maintenance Update on Cisco DCNM Windows and Linux Deployment
- Installing the SMU on Cisco DCNM Windows Appliance
- Installing the SMU on Cisco DCNM Linux Appliance
Installing Software Maintenance Update on Cisco DCNM OVA/ISO Deployment
- Installing SMU on DCNM Standalone Deployment

Installing Software Maintenance Update for Spring4Shell Vulnerability

Installing Software Maintenance Update on Cisco DCNM Windows and Linux Deployment

This section provides instructions to install Software Maintenance Update (SMU) on Cisco Windows and Linux deployments Release 11.5(4) to address CVE-2022-22965 issue.

Note

Only a root or admin user can install the SMU on the Cisco DCNM setup.

This section contains the following topics:

Installing the SMU on Cisco DCNM Windows Appliance

To install the SMU on Cisco DCNM Windows appliance, perform the following:

Before you begin

Take a backup of the Cisco DCNM application. Copy the backup file to a safe location outside the DCNM server.
If Cisco DCNM appliance is installed in VMware environment, ensure that you take VM snapshots for all nodes. For instructions, refer to VMware Snapshot Support section in your Cisco DCNM Release Notes.
Ensure that you plan for a maintenance window to install SMU.

Ensure that Cisco DCNM 11.5(4) is up and running.

Note

Only a root user can install the SMU on the Cisco DCNM Release 11.5(4) appliance

Procedure

Step 1	Download the SMU file. Go to the following site: https://software.cisco.com/download/. A list of the latest release software for Cisco DCNM available for download is displayed. In the Latest Releases list, choose Release 11.5(4). Locate DCNM 11.5(4) Maintenance Update for Windows and Linux servers to address CVE-2022-22965 and click Download icon. Save the dcnm-win-linux-patch.11.5.4.zip file to your directory that is easy to find when you start to apply the maintenance update (patch).
Step 2	Upload the file to the C:\Users\<UserName>\Desktop\ folder in the DCNM setup.
Step 3	Log on to Cisco DCNM using SSH as a Administrator user.
Step 4	Unzip the dcnm-win-linux-patch.11.5.4.zip file in c:\Users\<UserName>\Desktop\ directory.
Step 5	Open Command prompt and run as Administrator.
Step 6	Change directory to /patch using c:\Users\<UserName>\Desktop\patch command.
Step 7	Apply the patch. C:\Users\dcnm\spring4shell-patch>patch.bat ============================================================ ============ spring4shell patch for DCNM 11.x ============== ============================================================ Enter DCNM root directory [C:\Program Files\Cisco Systems\dcm]: C:\Users\dcnm\spring4shell-patch The system cannot find the file specified. "Preparing patch, please wait...." Initializing... mds.nmsRoot: C:\Program Files\Cisco Systems\dcm Patching dcm.ear... Patching SanAnalytics.war... C:\Program Files\Cisco Systems\dcm\wildfly-14.0.1.Final\standalone\sandeployments\SanAnalytics.war does not exists, no need to patch war file. Patching dcnmweb.war... "Stopping DCNM service..." The service is not responding to the control function. More help is available by typing NET HELPMSG 2186. Waiting for 0 seconds, press CTRL+C to quit ... "Applying patch..." 1 file(s) copied. 1 file(s) copied. "Removing wildfly temp directory..." "Starting DCNM server..." The Cisco DCNM SAN Server service is starting. The Cisco DCNM SAN Server service was started successfully. Waiting for 0 seconds, press CTRL+C to quit ... C:\Users\dcnm\spring4shell-patch>

Installing the SMU on Cisco DCNM Linux Appliance

To install the SMU on Cisco DCNM Linux appliance, perform the following:

Before you begin

Take a backup of the Cisco DCNM application. Copy the backup file to a safe location outside the DCNM server.
If Cisco DCNM appliance is installed in VMware environment, ensure that you take VM snapshots for all nodes. For instructions, refer to VMware Snapshot Support section in your Cisco DCNM Release Notes.
Ensure that you plan for a maintenance window to install SMU.

Ensure that Cisco DCNM 11.5(4) is up and running.

Note

Only a root user can install the SMU on the Cisco DCNM Release 11.5(4) appliance

Procedure

Step 1	Download the SMU file. Go to the following site: https://software.cisco.com/download/. A list of the latest release software for Cisco DCNM available for download is displayed. In the Latest Releases list, choose Release 11.5(4). Locate DCNM 11.5(4) Maintenance Update for Windows and Linux servers to address CVE-2022-22965 and click Download icon. Save the dcnm-win-linux-patch.11.5.4.zip file to your directory that is easy to find when you start to apply the maintenance update (patch).
Step 2	Upload the file to the /root/ folder in the DCNM setup.
Step 3	Log on to Cisco DCNM using SSH as a root user.
Step 4	Unzip the dcnm-win-linux-patch.11.5.4.zip file in /root/ directory.
Step 5	Change directory to /patch. `[root@dcnm]# cd patch`
Step 6	Apply the patch. [root@dcnm]# ./patch.sh ============================================================ ============ spring4shell patch for DCNM 11.x ============== ============================================================ Please enter DCNM install directory. Press Enter to select default. [Default:/usr/local/cisco/dcm]: DCNM Home Dir: /usr/local/cisco/dcm Preparing patch, please wait... mds.nmsRoot: /usr/local/cisco/dcm Patching dcm.ear... Patching SanAnalytics.war... Patching dcnmweb.war... Stopping DCNM service... Stopping FMServer (via systemctl): [ OK ] Applying patch... Removing wildfly temp directory... Starting DCNM server... Starting FMServer (via systemctl): [ OK ] [root@esc-11-4-a spring4shell-patch]#

Installing Software Maintenance Update on Cisco DCNM OVA/ISO Deployment

This section provides instructions to install Software Maintenance Update (SMU) on OVA/ISO deployments in Cisco DCNM Release 11.5(4) to address CVE-2022-22965 issue.

This section contains the following topics:

Installing SMU on DCNM Standalone Deployment

This section provides instructions to install Software Maintenance Update (SMU) on OVA/ISO deployments in Cisco DCNM Release 11.5(4) to address CVE-2022-22965 issue.

To apply the Software Maintenance Update (SMU) on Cisco DCNM OVA/ISO in Standalone deployment mode, perform the following steps:

Before you begin

Take a backup of the application data using the appmgr backup command on the DCNM appliance.
```
dcnm# appmgr backup
```
Copy the backup file to a safe location outside the DCNM server.
If Cisco DCNM appliance is installed in VMware environment, ensure that you take VM snapshots for all nodes. For instructions, refer to VMware Snapshot Support section in your Cisco DCNM Release Notes.
Ensure that you plan for a maintenance window to install SMU.

Ensure that Cisco DCNM 11.5(4) is up and running.

Note

Only a root user can install the SMU on the Cisco DCNM Release 11.5(4) appliance

Procedure

Step 1

Download the SMU file.

Go to the following site: https://software.cisco.com/download/.

A list of the latest release software for Cisco DCNM available for download is displayed.
In the Latest Releases list, choose Release 11.5(4).
Locate DCNM 11.5(4) Maintenance Update for VMWare, KVM, Bare-metal, and Appliance servers to address CVE-2022-22965 and click Download icon.
Save the dcnm-va-patch.11.5.4-p1.iso file to your directory that is easy to find when you start to apply the maintenance update (patch).

Step 2

Unzip the dcnm-va-patch.11.5.4-p1.iso file and upload the file to the /root/ folder in the DCNM node.

Step 3

Log on to the Cisco DCNM appliance using SSH as a sysadmin user.

Run the su command to enable root user.

dcnm# su
Enter the root password: 
[root@dcnm]#

Step 4

Run the following command to create a screen session.

[root@dcnm]# screen

This creates a session which allows you to execute the commands. The commands continue to run even when the window is not visible or if you get disconnected.

Step 5

Create a folder named iso using the mkdir /mnt/iso command.

[root@dcnm1]# mkdir -p /mnt/iso

Step 6

Mount the DCNM 11.5(4) SMU file in the /mnt/iso folder.

[root@dcnm]# mount -o loop dcnm-va-patch.11.5.4-p1.iso /mnt/iso

Step 7

Navigate to /scripts/ directory.

[root@dcnm]# cd /mnt/iso/packaged-files/scripts/

Step 8

Run the ./inline-upgrade.sh script.

[root@dcnm]# ./inline-upgrade.sh

The progress is displayed on the screen. When the installation of SMU is complete, a successful message appears.

Note

After the SMU is installed successfully, the DCNM process restarts. This results in a momentary loss of access to the DCNM Web UI.

Step 9

Ensure the DCNM application is functional, by using the appmgr status all command.

[root@dcnm]# appmgr status all

Step 10

Terminate the screen session, by using the exit command.

[root@dcnm]# exit

Step 11

Unmount the dcnm-va-patch.11.5.4-p1.iso file from the DCNM setup.

Note

You must terminate the screen session before unmounting the SMU file.

[root@dcnm]# umount /mnt/iso

Step 12

Start SMI-S service by using the systemctl start CISCOSMIS command.

Cisco DCNM Installation and Upgrade Guide for SAN Deployment, Release 11.5(4)

Bias-Free Language

Book Title

Cisco DCNM Installation and Upgrade Guide for SAN Deployment, Release 11.5(4)

Chapter Title