Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Is CUCM version: 8.0.3.20000-2 affected buy the bash bug - Shellshock

I read CSCur00930 and also Advisory ID: cisco-sa-20140926-bash.

It has several versions of CUCM listed as affected, and also some that are unaffected.

Can someone tell me whether CUCM version 8.0.3.20000-2 is affected by this bug as I can't find it on the lists in the advisory?

 

Regards. 

Everyone's tags (1)
7 REPLIES
Cisco Employee

Yes, 8.0.3.20000-2 is

Yes, 8.0.3.20000-2 is affected. We are working to make that more clear in the details of CSCur00930 (currently describes UCM versions 8, 9, and 10 as impacted).

New Member

Hi Kenneth,I can see that

Hi Kenneth,

I can see that Cisco has given more detail regarding the bash bug but I am still not able to find  the fix".cop" file for CUCM 8.6.2. Even I don't see any special link given on Cisco Website.

Cisco Employee

The Cisco Bash Code Injection

The Cisco Bash Code Injection Vulnerability Patch COP file for UCM is located under the various UCM versions (such as 8.6) in the "Unified Communications Manager / CallManager / Cisco Unity Connection Utilities " file section (the COP file is the same for all UCM versions):

 

http://software.cisco.com/download/release.html?mdfid=283782839&flowid=45898&softwareid=282204704&release=COP-Files&relind=AVAILABLE&rellifecycle=&reltype=latest

New Member

Hi,Is there a fix for CUCM

Hi,

Is there a fix for CUCM version: 8.0.3.20000-2 available?

New Member

Unfortunately according to

Unfortunately according to the CSCur00930 the CUCM 8.0 won't get a fix as this version is still supported without any further correction.

Fix should be made available from 8.5 version:

Release 8.5.1 - first fixed release is TBD
Release 8.6.2 - first fixed release is TBD
Release 9.1.2 - first fixed release is TBD
Release 10.0.1 - first fixed release is TBD
Release 10.5.1 - first fixed release is TBD

New Member

Hi Kenneth,Thanks for your

Hi Kenneth,

Thanks for your reply. Is this "bash vulnerability"? also affecting other UC products (ie: Contact Center or Presence). If yes, I did not find patch on cisco website.

Cisco Employee

To check products affected,

To check products affected, please reference the PSIRT Security Advisory:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash

 

For UCCX and IM&P, note that they are listed in the "Vulnerable Products" section. The defects shown for those respective products will updated as patches are posted, once they complete testing.

721
Views
20
Helpful
7
Replies
CreatePlease login to create content