Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1593
Views
20
Helpful
7
Replies

Is CUCM version: 8.0.3.20000-2 affected buy the bash bug - Shellshock

kasper123
Level 4
Level 4

‎09-29-2014 07:39 AM - last edited on ‎03-25-2019 08:31 PM by Community Manager

I read CSCur00930 and also Advisory ID: cisco-sa-20140926-bash.

It has several versions of CUCM listed as affected, and also some that are unaffected.

Can someone tell me whether CUCM version 8.0.3.20000-2 is affected by this bug as I can't find it on the lists in the advisory?

 

Regards. 

1 person had this problem
Labels:
0 Helpful
7 Replies 7

Kenneth Russell
Cisco Employee
Cisco Employee

‎09-30-2014 07:38 AM

Yes, 8.0.3.20000-2 is affected. We are working to make that more clear in the details of CSCur00930 (currently describes UCM versions 8, 9, and 10 as impacted).

dileepkumar
Level 1
Level 1
In response to Kenneth Russell

‎10-06-2014 10:51 PM

Hi Kenneth,

I can see that Cisco has given more detail regarding the bash bug but I am still not able to find  the fix".cop" file for CUCM 8.6.2. Even I don't see any special link given on Cisco Website.

0 Helpful

Kenneth Russell
Cisco Employee
Cisco Employee
In response to dileepkumar

‎10-07-2014 06:27 AM

The Cisco Bash Code Injection Vulnerability Patch COP file for UCM is located under the various UCM versions (such as 8.6) in the "Unified Communications Manager / CallManager / Cisco Unity Connection Utilities " file section (the COP file is the same for all UCM versions):

 

http://software.cisco.com/download/release.html?mdfid=283782839&flowid=45898&softwareid=282204704&release=COP-Files&relind=AVAILABLE&rellifecycle=&reltype=latest

kasper123
Level 4
Level 4
In response to Kenneth Russell

‎10-07-2014 06:34 AM

Hi,

Is there a fix for CUCM version: 8.0.3.20000-2 available?

0 Helpful

NICNGUYEN
Level 1
Level 1
In response to kasper123

‎10-07-2014 06:58 AM

Unfortunately according to the CSCur00930 the CUCM 8.0 won't get a fix as this version is still supported without any further correction.

Fix should be made available from 8.5 version:

Release 8.5.1 - first fixed release is TBD
Release 8.6.2 - first fixed release is TBD
Release 9.1.2 - first fixed release is TBD
Release 10.0.1 - first fixed release is TBD
Release 10.5.1 - first fixed release is TBD

0 Helpful

dileepkumar
Level 1
Level 1
In response to Kenneth Russell

‎10-08-2014 04:15 AM

Hi Kenneth,

Thanks for your reply. Is this "bash vulnerability"? also affecting other UC products (ie: Contact Center or Presence). If yes, I did not find patch on cisco website.

0 Helpful

Kenneth Russell
Cisco Employee
Cisco Employee
In response to dileepkumar

‎10-08-2014 07:28 AM

To check products affected, please reference the PSIRT Security Advisory:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

 

For UCCX and IM&P, note that they are listed in the "Vulnerable Products" section. The defects shown for those respective products will updated as patches are posted, once they complete testing.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents