Cisco has recently made available free software updates to address a vulnerability that has been identified in their systems. Customers who have service contracts that entitle them to regular software updates can obtain the necessary security fixes through their usual update channels. However, customers should be aware that they may only install and receive support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or using such software upgrades, customers agree to adhere to the terms outlined in the Cisco software license.
It is important for customers to only download software for which they have a valid license, acquired either directly from Cisco or through an authorized reseller or partner. Generally, these downloads will be maintenance upgrades to software that was previously purchased. It is crucial to note that free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.
For information about licensing and downloads, customers can visit the Cisco Support and Downloads page on Cisco.com. This page can also display customer device support coverage for those who utilize the My Devices tool. When contemplating software upgrades, customers are strongly advised to regularly check the advisories for Cisco products, available from the Cisco Security Advisories page, to assess exposure and identify a comprehensive upgrade solution.
In all instances, customers should ensure that the devices slated for an upgrade have sufficient memory and verify that current hardware and software configurations will be adequately supported by the new release. If there is any uncertainty regarding this information, customers are encouraged to reach out to the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
For customers without service contracts, those who purchase directly from Cisco but do not have a service contract in place, or those who make purchases through third-party vendors without success in obtaining fixed software, should seek upgrades by contacting the Cisco TAC. They should have the product serial number available and be ready to provide the URL of the advisory as proof of entitlement to a free upgrade.
The table provided showcases Cisco software releases and indicates whether a release is impacted by the vulnerability outlined in the advisory, along with the first release that includes the fix for said vulnerability. Customers are advised to upgrade to the appropriate fixed software release as indicated in the table.
The validation of affected and fixed release information is conducted by the Cisco Product Security Incident Response Team (PSIRT) and is detailed in the advisory document. Customers should keep abreast of updates and follow the recommended actions to ensure the security and functionality of their Cisco systems.