|
|
|
|
|
|
by chris_overseas
3773 days ago
|
|
|
You don't need a SmartNET contract, but... We own affected hardware and don't have a support contract. It took me about four hours working my way through Cisco customer and tech support to get updated. Now that the interim patch is applied (complete with bugs mentioned elsewhere in this thread?), it doesn't sound like we'll easily be able to get a bug-free update at a later date. So while we're hopefully safe, we might not be stable. Early on in the process (after 2-3 email iterations) their customer support called me to say we weren't eligible for a fix because we didn't have a support contract. I'd mentioned in my initial request that we had no contract but also pointed out that the advisory said we didn't need one. I had also provided a link to the advisory in my initial request, so that should not have been an issue. I was then told my request was "very confusing". Once I finally convinced them we were allowed the update and verified the serial number of our hardware, I was thankfully forward on to tech support. They then checked our firmware version and I was supplied with a patch download URL quite quickly. The actual download was hampered in several ways by their poor website (registration required, browser autocomplete and cut and paste caused their JS validation to fail, and I couldn't get it to work with any browser other than IE). Once I finally had the patch, it applied without issue. In short - the patch process was long, frustrating, complex, and as a small business owner makes me never want to ever, ever deal with Cisco products again. |
|
|
I'm going to renew SmartNET not for this particular vulnerability but for simply getting over the NAT hump from to 8.2 to 8.3 (and whatever other gotchas have come up between 8.2 and latest 9.x). Cisco TAC has been pretty awesome in the past, definitely don't trust myself to navigate the upgrade path in production.