Applyed 2.0 MR5 for bash vulnerability and now showing vulnerable for POODLE attack. Looks like CWMS is still under investigation according to Cisco (cisco-sa-20141015-poodle) but test from ssllabs shows MR5 as vulnerable.
CWMS 1.5 MR5 and 2.0 MR5 were released to address BASH vulnerability. For some reason Release Notes are not out yet, but if you look at the Readme file of the MR5 for both 1.5 and 2.0 you will see details about the vulnerability fixes.
I hope this will help, and that Release Notes will be released sooner than later.
It is bit confusing when I read vulnerability page. I know that originally when vulnerability came out, CWMS was listed as an affected product, but now it is listed under product confirmed not vulnerable, it does not specify the version as well.
CWMS runs a version of BASH that is vulnerable. However, Cisco has analyzed this vulnerability and concluded that while the product may run a vulnerable version of BASH, there are no exploitation vectors present. Hence, CWMS is not impacted, but we still released 1.5 MR5 and 2.0 MR5 to address this vulnerability.
SIP traces provide key information in troubleshooting SIP Trunks, SIP
endpoints and other SIP related issues. Even though these traces are in
clear text, these texts can be gibberish unless you understand fully
what they mean. This document attempts to br...
Please find the attached HTML document, download and open it on your PC.
This provides an easy to use form where you simply answer a few
questions and it will render the proper jabber-config.xml file for you
to copy/paste. There is built in logic to verif...
CUCM Database Replication is an area in which Cisco customers and
partners have asked for more in-depth training in being able to properly
assess a replication problem and potentially resolve an issue without
involving TAC. This document discusses the bas...