CUAdmin inaccessible after 10.5.2 upgrade

mbaker33 · ‎04-09-2015

I upgraded from 10.5.1 to 10.5.2b tonight and all went well, except when I attempt to go to the CUAdmin page, I am redirected to the CMPlatform page. Is this a bug, or is there something I can do to resolve?

Thanks,

Mark

Aman Soi · ‎04-09-2015

Hi Mark,

Are u able to login to other pages like unified reporting/Disaster recovery and cisco unified serviceability after u are trying to Administration page but get access to OS Administartion page?

I can find one bug but not sure whether exactly relates to your issue.

CUCM Platform Vulnerable to CSRF Attack

CSCuo95791

Description

Symptom:
A vulnerability in the web application of Cisco Unified Communications Manager which could allow an authenticated, local attacker to execute unwanted
actions.

The vulnerability is due to Cross-Site Request Forgery. An attacker could exploit this vulnerability by tricking the user of a web application
into executing an adverse action.

Conditions:
Web applications in the Cisco Unified Communications Manager has several pages that are vulnerable to CSRF attacks which can change settings. For
example, uploading and deleting certificates, custom login messages and tftp files. https://cucmserver/cmplatform/certificateUpload.do
https://cucmserver/cmplatform/certificateDelete.do https://cucmserver/cmplatform/clmFileUpload.do https://cucmserver/cmplatform/clmFileDelete.do
https://cucmserver/cmplatform/tftpFileUpload.do https://cucmserver/cmplatform/tftpFLDeleteSelected.do
https://cucmserver/cmplatform/ssoAppConfigSave.do

Workaround:
NONE

regds,

aman

mbaker33 · ‎04-10-2015

Hello Aman,

Yes, I am able to access all of the other sites, just not the CUAdmin site for some reason.

The bug you referenced doesn't seem to be a match.

Thanks,

Mark

Aman Soi · ‎04-10-2015

Hi Mark,

I could not find any more info related to this issue .Suggets opening TAC case .

regds,

aman

mbaker33 · ‎04-10-2015

Thanks Aman,

I was thinking the same thing, but sometimes it's faster with a post here.

Thanks for your help,

Mark

Aman Soi · ‎04-10-2015

Hi Mark,

Please do share results since never came across this issue.

regds,

aman

Aman Soi · ‎04-10-2015

Hi Mark,

Hwo many servers u have in cluster?Is it happening for all of them.

can u check from CLI by running command utils service list status of below :

Cisco CallManager Admin

whether it is stopped or STARTED

regds,

aman

mbaker33 · ‎04-10-2015

Hi Aman,

I am on with TAC now and they suspect it is a bug, but it is an internal bug at the moment. Disabling SSO allowed access to the admin page, however, Jabber SSO integration now is broken.

They searched for a workaround, but there wasn't one at this time. We will need to disable SSO during off hours in order to manage Unity users, and enable it again for Jabber to work properly.

I am also under the impression that this may not be resolved until Unity 11 later in the summer.

Mark

Update: It appears after disabling and enabling SSO, all works fine. Perhaps this is a good work around for anyone looking to upgrade to 10.5.2 and run SSO.