Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Bash Vulnerability affecting CUCM 7.1.5, Unity connection 7.1.5, UCCX 7.x

My Customer has CUCM 7.1.5, Unity connection 7.1.5 and UCCx 7.x version. Is there a fix for these version ? According to Cisco the fix release are on version 10.5. Does that mean there is no fix for 7.1.5 and that the customer needs to migrate to version 10 to apply the fix. Please advice..

 

CUCM evaluation for CVE-2014-6271, 2014-7169, 2014-6277 and 2014-6278

Ref: CSCur00930

Known Affected Releases:     (16)

10.0(1.10000.24)

10.5(1.10000.7)

5.0

5.1

6.0

6.1

7.0

7.1

7.1(5)

8.0

8.5(1)

8.6

8.6(2.10000.30)

9.0(1)

9.1(1)

9.1(2)

 

Known Fixed Releases:          (5)

10.5(1.11900.12)

10.5(1.98000.307)

10.5(1.98000.311)

10.5(1.98000.372)

10.5(1.98000.378)

 

Cisco Unity Connection evaluation for CVE-2014-6271 and CVE-2014-7169

Ref: CSCur05328

 

Known Affected Releases:     (1)

9.5(0.9)TT0

 

Known Fixed Releases:          (1)

10.5(1.11900.13)

2 REPLIES
New Member

 For CUCM: Bug description

 

For CUCM and Unity Connection bug description has been updated, COP file fixes listed releases. So you can upgrade to any of these releases and then apply COP file.

https://tools.cisco.com/bugsearch/bug/CSCur00930

Unified Communications Manager / CallManager / Cisco Unity Connection Utilities-COP-Files

 

 

Further Problem Description:
A COP file,ciscocm.bashupgrade.cop.sgn, has been published to cisco.com that can be used to patch existing systems as indicated below.
In addition to the above mentioned COP file, this fix will be included in future software releases and will be made available for all releases that have not reached End of SW Maintenance Releases Date, including
Release 8.5.1 - first fixed release is TBD
Release 8.6.2 - first fixed release is TBD
Release 9.1.2 - first fixed release is TBD
Release 10.0.1 - first fixed release is TBD
Release 10.5.1 - first fixed release is TBD

 

The short answer is, no, they

The short answer is, no, they aren't going to provide a fix.  Your customer is running a product that is beyond end of life and there is no support.  This is the risk accepted when you do this.

 

It can be addressed, but you'll have to upgrade to a supported version to gain access to the patch, or patched upgrade media.

 

Cliff

391
Views
0
Helpful
2
Replies