
Bash Vulnerability affecting CUCM 7.1.5, Unity connection 7.1.5, UCCX 7.x

cisco
Level 1

My customer has CUCM 7.1.5, Unity Connection 7.1.5 and UCCX 7.x versions. Is there a fix for these versions? According to Cisco the fixed releases are on version 10.5. Does that mean there is no fix for 7.1.5 and that the customer needs to migrate to version 10 to apply the fix? Please advise.

 

CUCM evaluation for CVE-2014-6271, 2014-7169, 2014-6277 and 2014-6278

Ref: CSCur00930

Known Affected Releases: (16)
10.0(1.10000.24)
10.5(1.10000.7)
5.0
5.1
6.0
6.1
7.0
7.1
7.1(5)
8.0
8.5(1)
8.6
8.6(2.10000.30)
9.0(1)
9.1(1)
9.1(2)

Known Fixed Releases: (5)
10.5(1.11900.12)
10.5(1.98000.307)
10.5(1.98000.311)
10.5(1.98000.372)
10.5(1.98000.378)

 

Cisco Unity Connection evaluation for CVE-2014-6271 and CVE-2014-7169

Ref: CSCur05328

 

Known Affected Releases: (1)
9.5(0.9)TT0

Known Fixed Releases: (1)
10.5(1.11900.13)


Jerzy Sliwinski
Level 1

 

For CUCM and Unity Connection, the bug description has been updated; the COP file fixes the listed releases. So you can upgrade to any of these releases and then apply the COP file.

https://tools.cisco.com/bugsearch/bug/CSCur00930

Unified Communications Manager / CallManager / Cisco Unity Connection Utilities-COP-Files

 

 

Further Problem Description:
A COP file, ciscocm.bashupgrade.cop.sgn, has been published to cisco.com that can be used to patch existing systems as indicated below.
In addition to the above mentioned COP file, this fix will be included in future software releases and will be made available for all releases that have not reached End of SW Maintenance Releases Date, including
Release 8.5.1 - first fixed release is TBD
Release 8.6.2 - first fixed release is TBD
Release 9.1.2 - first fixed release is TBD
Release 10.0.1 - first fixed release is TBD
Release 10.5.1 - first fixed release is TBD

 

Clifford McGlamry
Spotlight

The short answer is, no, they aren't going to provide a fix.  Your customer is running a product that is beyond end of life and there is no support.  This is the risk accepted when you do this.

 

It can be addressed, but you'll have to upgrade to a supported version to gain access to the patch, or patched upgrade media.

 

Cliff
