Cisco has recently made available free software updates to address a vulnerability that has been identified. Customers who have service contracts that include regular software updates are encouraged to obtain these security fixes through their usual update channels. It is important for customers to only install and seek support for software versions and feature sets that they have valid licenses for. By installing, downloading, accessing, or using such software upgrades, customers agree to adhere to the terms outlined in the Cisco software license agreement.
Furthermore, customers are reminded that they should only download software for which they have a valid license, either directly from Cisco or through an authorized reseller or partner. Free security software updates do not grant customers a new software license, additional feature sets, or major upgrades. The Cisco Support and Downloads page on Cisco.com is a valuable resource for customers seeking information regarding licensing and downloads. This page can also display customer device support coverage through the My Devices tool.
When considering software upgrades, customers are advised to regularly check the advisories for Cisco products available on the Cisco Security Advisories page. This will help customers determine any exposure and find a comprehensive upgrade solution. It is essential for customers to ensure that the devices intended for upgrade have sufficient memory and confirm that current hardware and software configurations will be properly supported by the new release. Customers who require further clarity are encouraged to reach out to the Cisco Technical Assistance Center (TAC) or their maintenance providers.
For customers without service contracts, who have purchased directly from Cisco or through third-party vendors without success in obtaining fixed software, upgrades can be obtained by contacting the Cisco TAC. Customers will need to have the product serial number available and provide the URL of the advisory as proof of entitlement to a free upgrade.
In the table provided below, the affected Cisco software releases are listed alongside the first release that includes the fix for the identified vulnerability. Customers are advised to upgrade to the appropriate fixed software release as indicated in the table:
| Cisco ECE Release | First Fixed Release |
| ——————— | ——————- |
| Earlier than 12.5 | Migrate to a fixed release |
| 12.5 | 12.5(1) ES9 |
| 12.6 | 12.6(1) ES9 ET3 |
The Cisco Product Security Incident Response Team (PSIRT) authenticates only the affected and fixed release information documented in this advisory. Customers are encouraged to stay informed and take the necessary steps to ensure the security and performance of their Cisco products.