Update CIMC Firmware on Cisco Secure Web Appliances
Available Languages
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- US/Canada 800-553-2447
- Worldwide Support Phone Numbers
- All Tools
Feedback
Feedback
Appliances covered by the CIMC Firmware Update
Supported Software Versions for CIMC Firmware Update
Update for CIMC Firmware Installation Instructions
This firmware update package is to update the Cisco IMC firmware which has the fix to the vulnerabilities detailed in CVE-20240-20295 and CVE-2024-20356.
Note: The update for CIMC firmware is available only for appliances that require the upgrade. If you are running a supported version of AsyncOS and you do not see the upgrade package with description Firmware update package Cisco IMC CVE-2024-20295 CVE-2024-20356 in the list of available upgrades, you can assume that your appliance does not require the upgrade and you can skip this upgrade process.
Appliances covered by the CIMC Firmware Update
● S195, S395, S695/F
● S196, S396, S696/F
Supported Software Versions for CIMC Firmware Update
If you are running an AsyncOS version that is not listed in this section, upgrade AsyncOS to a supported release before installing the firmware patch.
● 15.0.0-355
● 15.1.0-287
● 15.2.0-116
● 15.2.0-164
● 14.0.1-053
● 14.0.2-012
● 14.0.3-014
● 14.0.4-005
● 14.0.5-007
● 14.1.0-041
● 14.1.0-047
● 14.5.0-498
● 14.5.0-537
● 14.5.0-673
● 14.5.1-016
● 14.5.2-011
Update for CIMC Firmware Installation Instructions
Follow the instructions below to obtain and install the update for CIMC firmware patch.
Note: In this process and document, "upgrade" and "update" are used interchangeably.
Pre-installation Requirements
Before you install the update for CIMC firmware, save the configuration file to a location on the appliance:
Step 1. In the graphical user interface, navigate to System Administration > Configuration File.
Step 2. In the Current Configuration tab, do the following:
a. Select Download file to local computer to view or save.
b. Under Password Display Options, select Encrypt passwords in the Configuration Files and then specify how to generate the file name. You can either select Use system-generated file name or Use user-defined file name. If you are selecting Use user-defined file name, enter the file name.
Step 3. Click Submit.
Installing the CIMC Firmware Update
Step 1. Access the CLI interface. For details on accessing the CLI, see Cisco Secure Web Appliance User Guide.
Note: For the update to run successfully, you must run the update from the CLI.
Step 2. Select DOWNLOADINSTALL option. You must only select DOWNLOADINSTALL option for this update to work properly.
Step 3. From the CLI enter upgrade.
Step 4. Select the CIMC update package from the upgrade package list. Enter the number with the description - Firmware update package Cisco IMC CVE-2024-20295 CVE-2024-20356.
Step 5. You are prompted to save the current configuration to the configuration directory. The default value is Y (yes). Enter N if you do not want to save the current configuration.
Step 6. Choose the password option from the list and press enter.
Step 7. Enter Y when prompted to proceed with the update.
The following message will be displayed :
BMC firmware update:
====================
Updating BMC from 4.0(1e) to 4.2(3j). This may take some time please wait...
BMC Update complete
Activating BMC. Please wait...
CIMC login will be disconnected, Please connect after two mins
Activation of BMC firmware successful
Current running version of BMC: 4.2(3j)
Upgrade installation finished.
Note: CIMC firmware update does not require a reboot. The system will not reboot after the upgrade process.
Note: The firmware update package will be displayed in the list of available upgrades even after successful installation. This does not indicate that the firmware upgrade was unsuccessful.
Step 8. (Optional) Verify the CIMC firmware update using the version command. If the BMC version is updated to 4.02, it indicates that the update was successful.
Note: If the update fails even after multiple tries, contact Cisco TAC for assistance.
Example:
UDI: S195 VA0 WZP231206NK
Name: S195
Product: Cisco S195 Secure Web Appliance
Model: S195
Version: 15.0.0-355
Build Date: 2023-07-12
Install Date: 2023-07-12 15:28:41
Serial #: D4789B004502-WZP231206NK
BIOS: C220M5.4.0.1h.0.1108182337
RAID: 50.1.0-1456
RAID Status: Optimal
RAID Type: 1
BMC: 4.02
Cisco DVS Engine: 1.0 (Never Updated)
Cisco DVS Malware User Agent Rules: 0.554 (Never Updated)
Cisco DVS Object Type Rules: 0.554 (Never Updated)
Cisco Trusted Root Certificate Bundle: 2.4 (Tue Jun 04 19:22:28 2024)
Cisco Certificate Blocked List: 1.3 (Tue Jun 04 19:22:28 2024)
How-Tos: 1.0 (Never Updated)
Youtube Categorization engine: 1.0.0 (Never Updated)
This document describes and provides links to the hardware and software user documentation available for Secure Web Appliances. To find a document online, use one of the links in this section.
| Documentation |
Location |
| User Guide for Cisco Web Security Appliances |
https://www.cisco.com/c/en/us/support/security/web-security-appliance/products-user-guide-list.html |
| Secure Web Appliance Release Notes, ISE Compatibility Matrix, and Ciphers |
|
| Hardware Installation and Getting Started guides for Secure Web Appliances |
Cisco Support Community is an online forum for Cisco customers, partners, and employees. It provides a place to discuss general web security issues as well as technical information about specific Cisco products. You can post topics to the forum to ask questions and share information with other Cisco users.
Access the Cisco Support Community at the following URLs:
https://supportforums.cisco.com/community/5786/web-security
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1721R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.
© 2024 Cisco Systems, Inc. All rights reserved.