Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco Unity Connection CUC Reset PIN Not Authorized Error

Hi All,

   So we ran into this strange problem with our CUC 8.6. We have techs assigned to the Helpdesk role. They can reset the Voicemail PINs for almost all users save for a handful. When they attempt to reset the PINs for these users they get a Not Authorized error. What could be the cause of this?

Thanks,

Tom

Everyone's tags (3)
9 REPLIES
Silver

Cisco Unity Connection CUC Reset PIN Not Authorized Error

Hello Tom,

Probably those handful of users that cannot be reset have higher Roles as Admin or Audit and therefore you cannot change them.

New Member

Cisco Unity Connection CUC Reset PIN Not Authorized Error

Hmm, we checked his roles and indeed he has the Helpdesk role and the other user has no roles. Funny thing too we just noticed is that this particular Helpdesk tech cannot modify other Helpdesk techs PINS, but they *can modify his..

Cisco Employee

Re: Cisco Unity Connection CUC Reset PIN Not Authorized Error

Hello

Can you please check the user privilleges and try Assign system administrator role for the account  to allow the reset/modify the operation .

Br,

Nadeem

Br, Nadeem Please rate all useful post.
New Member

Cisco Unity Connection CUC Reset PIN Not Authorized Error

Hi Nadeem, unfortunately we cannot assign him systems admin role, he's with our helpdesk group. My account as a system admin has not issues resetting users PINs.

Silver

Cisco Unity Connection CUC Reset PIN Not Authorized Error

Hi Tom,

Check some of these out:

Some existing bugs>

CSCtn59526    CUC - Account with User Administrator role cannot delete users 

CSCtd45141    Cisco Unity Privilege Escalation Vulnerability 

CSCsl92087 (registered customers only) —CUC 2.0 Helpdesk Administrator Role does not allow
user to unlock accounts

#DavvID

Cisco Employee

Cisco Unity Connection CUC Reset PIN Not Authorized Error

look like to me issue with this , an DDTs was opened to addressed to Vulnerability, may that's the reason HELPDESK not able to change the same. there is no workaround to this.

Cisco Unity Privilege Escalation Vulnerability

CSCtd45141

Cisco Unity Connection contains two vulnerabilities:

Cisco Unity Connection Privilege Escalation Vulnerability
Cisco Unity Connection Denial of Service Vulnerability

Exploitation  of the Cisco Unity Connection Privilege Escalation Vulnerability may  allow an authenticated, remote attacker to elevate privileges
and obtain full access to the affected system.

Exploitation  of the Cisco Unity Connection Denial of Service Vulnerability  may  allow an unauthenticated, remote attacker to cause system
services to terminate unexpectedly, which may result in a denial of service condition.
Cisco  has released free software updates that address these vulnerabilities.  There are no workarounds that mitigate these vulnerabilities.


Br,
Nadeem 

Please rate all useful post.

Br, Nadeem Please rate all useful post.
New Member

Cisco Unity Connection CUC Reset PIN Not Authorized Error

Awesome thank you everyone for your response.

A somewhat related question:

   Of the roles in CUC 8.6:

     Audio Text Admin

     Audit Admin

     Greeting Admin

     Help Desk Admin

     Mailbox Access Delegate

     Remote Admin

     System Admin

     Technician   

     User Admin

Which of these roles can a Helpdesk Admin role user be able to change their PINs?

Thanks!

Tom

Silver

Cisco Unity Connection CUC Reset PIN Not Authorized Error

Hi Tom,

If you check the guide the Help Desk is more than enough to change PIN's, however there is a catch, you cannot change them for users that have higher privileges otherwise it would be a Privilege Escalation:

Some existing bugs>

CSCtn59526    CUC - Account with User Administrator role cannot delete users 

  • CSCtd45141    Cisco Unity Privilege Escalation Vulnerability
CSCsl92087 (registered customers only) —CUC 2.0 Helpdesk Administrator Role does not allow
user to unlock accounts

Help Desk Administrator

This role allows an administrator to reset user passwords and PINs, unlock user accounts, and view user setting pages.

Note The "Manage Call Handlers Belonging To Users Only - View Only" privilege refers to the primary call handler assigned to a user that include all greetings, transfer rules, and menu entries that you see on the User's page under the Roles section.

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/user_mac/guide/8xcucmac020.html#wp1051700

You mentioned "for almost all users save for a handful", due to the escalation issue this would be expected unless you assign the Help Desk role the same or higher privileges than of those who they are wishing to change.

#DavvID

New Member

Cisco Unity Connection CUC Reset PIN Not Authorized Error

David,

  Thanks for the response.

  So how can we assign the Help Desk role higher privileges than the User Administrator and Greetings Administrator roles?

Thanks,

Tom

763
Views
0
Helpful
9
Replies
CreatePlease login to create content