Cisco recently published an advisory about a vulnerability with a CVSS rating of 6.5. It’s not very critical as it can only be exploited by authenticated users – it’s still noteworthy.
More details can be found here: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ssm-sql-X9MmjSYh
There is no workaround available, so it’s recommended to do a software upgrade to the 8-202303 version.
Crucial Pre-upgrade Step: Database Backup and VM Snapshots
Ensure you’ve backed up your database before executing an upgrade, especially if you’re utilizing a VM. If something goes wrong and you need to rebuild, having a backup will help.
Refer to database_backup on page 8 of the following document: https://www.cisco.com/web/software/286326948/158268/SSM_On-Prem_8_Console_Guide.pdf
Use WinSCP to copy the backup to your PC or admin server, which should be located in /var/files/backups on CSSM.
This backup maintains records of a product’s certificates, vital for product validation. Without it, deploying a new On-Prem instance could lead to re-registering all products associated with the On-Prem license server.
(Unconfirmed information) VM Snapshots can serve as an alternative backup method. In case of reverting to a Snapshot, you must do a full sync with the Cloud.
Steps for Software Download
- Visit: https://software.cisco.com/download/home
- In the Select a Product field, input “Smart Software Manager satellite”.
- Under “Latest Release” in the left-hand column, choose 8-202303.
- From the available download files, select: SSM_On-Prem_8-202303 _Upgrade.zip This is used to upgrade your current SSM On-Prem license server to the new version.
- After download completion, locate the zip file in its directory, right-click and select “unzip image”.
While an SSH upgrade method is suggested on page 34 here, https://www.cisco.com/web/software/286285517/152313/Smart_Software_Manager_On-Prem_8-202006_Installation_Guide.pdf, I personally prefer the WinSCP technique which worked fine for me earlier but now needs a few adjustments.
Upon unzipping, you’ll notice these two files. Previously, copying them into /var/files/patches/ using WinSCP and executing an upgrade from the command line was straightforward.
This method no longer allows direct file copying to the /var/files/patches/ path. Instead, copy the upgrade and another file to the backup /var/files/backups using WinSCP.
Note: an existing corresponding signature file is necessary.
Now move them, using the command line interface, initiate sudo mode by typing “sudo -s”, navigate to the /var/files/backups directory using the cd command on the command line, and then move the files using the Linux mv command. Then run these additional commands to do the upgrade. As demonstrated below:
sudo -s
cd /var/files/backups
mv SSM_On-Prem_8-202303_upgrade.sh /var/files/patches/
mv SSM_On-Prem_8-202303_upgrade.sh.sha256 /var/files/patches/
onprem-console
upgrade patches:SSM_On-Prem_8-202303_upgrade.shUpon upgrade completion (estimated time: 5-15 minutes), you’ll receive a notification. The system will then automatically reboot.
NOTE: If an automatic reboot fails to occur, manually restart your system.
Did this help? Or did you face different hurdles? Please let me know – I’d love to hear from you.
If you were just looking for more details on Smart licensing or have some questions. I recommend checking this KB on the Cisco community.
Smart License Using Policy – FAQ
