June 2015—CVE-2015-0291, CVE-2015-0204, CVE-2015-0290, CVE-2015-0207, CVE-2015-0286, CVE-2015-0208, CVE-2015-0287, CVE-2015-0289, CVE-2015-0292, CVE-2015-0293, CVE-2015-1787, CVE-2015-0285, CVE-2015-0288. For more details, see OpenSSL Security Advisory [11 Jun 2015].
– Network Time Protocol Daemon (NTPD)—CVE-2015-1798 and CVE-2015-1799
Cisco Prime Infrastructure Plug and Play Gateway Patch Release
Cisco Prime Infrastructure Release-Supported Servers
Cisco Plug and Play Deployment Application-Supported Releases
The Cisco Prime Infrastructure Plug and Play Gateway patch 188.8.131.52 must be installed on the Cisco Prime Infrastructure Plug and Play Gateway Server 2.2.1 or 3.0. The system requirements are the same as that for the Cisco Prime Infrastructure 2.2 Plug and Play gateway server.
This section contains instructions for installing the Cisco Prime Infrastructure Plug and Play Gateway.
Plug and Play Gateway Patch Installation in Standalone Configuration
The Plug and Play Gateway standalone server patch is available in the pnp-packaging-184.108.40.206.tar.gz file. The patch upgrade procedure requires an FTP or TFTP server containing the patch file.
You can access this server from the Cisco Prime Infrastructure 2.2.1 Plug and Play Gateway standalone server by following these steps:
Step 1 Log in to the Plug and Play Gateway standalone server as admin user. The following is a sample output of the patch upgrade with the url FTP:
pnp-server login: admin
pnp-server/admin# configure Enter configuration commands, one per line. End with CNTL/Z. pnp-server/admin(config)# repository <repository-name>
pnp-server/admin(config-Repository)# user <user-ID> password <option> <password>
Step 2Use the application upgrade command to install the pnp-packaging-220.127.116.11.tar.gz Plug and Play Gateway standalone patch. The following is a sample output of the Plug and Play gateway patch upgrade:
Step 2 After successful installation, verify if the patch is successfully installed by entering the following commands in CARS CLI:
Note The RHEL patch application should not be removed, once it is installed because this causes CARS environment to be unstable.
Plug and Play-gateway 18.104.22.168 provides fix for POODLE vulnerability and for enabling/disabling SSLv3 on your server. You can disable SSLv3 and other lower versions only if you setup the Plug and Play gateway in Advanced mode.
To disable SSLv3, follow these steps:
Step 1 After upgrading to 22.214.171.124, use the following command to setup the Plug and Play gateway in Advanced mode.
pnp setup advanced
Step 2 The following prompt appears after you setup the Plug and Play gateway 126.96.36.199 in Advanced mode.
Do you want to disable SSLv3 and below (y/n) ? [n]
Select Yes or No (y/n).
Step 3 If SSLv3 is enabled by default, enter ‘y’ in the prompt to disable SSLv3.
Note If SSLv3 is disabled on Standalone Plug and Play server, then IOS image of the devices must be upgraded to a version which supports protocols other than SSLv3 such as TLS. The Plug and Play gateway does not work if this upgrade is not done.
Windows Application for Plug and Play Gateway
A new version of windows application for Plug and Play is available with this release. This addresses the connectivity issue with Cisco Prime Infrastructure 3.0.
Note There is no changes in the backend functionality. In the GUI, Refresh button appears in Home and Deploy Downloaded Configuration pages. You must refresh the COM port list before starting the deployment in both the pages.
Plug and Play Gateway Patch Installation in High Availability Configuration
If the Plug and Play Gateway is configured in high availability mode, then follow the below steps to upgrade the patch on both primary or secondary servers:
Subscribe to What’s New in Cisco Product Documentation, which lists all new and revised Cisco technical documentation, as an RSS feed and deliver content directly to your desktop using a reader application. The RSS feeds are a free service.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1110R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.