Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Upgraded C40 Codecs to latest TC software - do I use CUCM?

I am needing to upgrade our C40 codecs to patch the Bash vulnerability.  Currently they are all running TC5.1.3.292001.

 

I noticed at the download options for the C40 included a few options. 

 

1) Crypto and Non-crypto software.  The way I am reading this, this is only referring to the software itself, not any kind of options on the codec?

2) 'To be used with CUCM' - I am unsure how to verify this.  I inherited these devices with no documentation and the original vendor is pretty much useless.  Is there some way to verify this?  We do use CUCM, but to my knowledge, our phones cannot directly integrate with the TP system (we have MOVI clients for that).

Everyone's tags (1)
2 ACCEPTED SOLUTIONS

Accepted Solutions

Stuart,I don't believe Cisco

Stuart,

I don't believe Cisco has released a version of TC software that has the bash vulnerability fix.

The non-crypto software doesnt have any kind of SSL functionality on it - ie. encrypted signaling/media. Usually going with the crypto is safest bet unless you are from a country that has import restrictions.

CUCM - If your endpoints are registered to CUCM, then you would use the CUCM version of the file. This will be uploaded to the CUCM server itself by going to Install/Upgrade in Cisco OS Administration and restart the TFTP service. This way the file will be pushed down from the server when the codec is reset.

For non-CUCM, you use the other file and upload the .pkg file directly to the codecs. To me it seems like you have a VCS based deployment so the .pkg file is what you will use.

 

Please rate useful posts.
VIP Purple

Updated TC Software to

Updated TC Software to correct the BASH vulnerability hasn't been released yet.  You can take a look at the following bug, CSCur02591 for more details.

It shows the upcoming fixed versions to look for whenever they are released:

5.1.13, 6.0.4, 6.1.4, 6.3.3, 7.2.1

You can check whether or not you're using the encryption version of the TC software by logging into the web interface and looking at the software version, as well as through SSH by running the following command to check the software version: xStatus SystemUnit Software Version.  The encrypted version of the TC software will just be TC###, where as the non-encrypted version will appear as TCNC### (note the "NC" in the software version, noting it's "non-encrypted".

Since you specifically point out that you're using TC5.x software, it seems as if you're using the encrypted version.

4 REPLIES

Stuart,I don't believe Cisco

Stuart,

I don't believe Cisco has released a version of TC software that has the bash vulnerability fix.

The non-crypto software doesnt have any kind of SSL functionality on it - ie. encrypted signaling/media. Usually going with the crypto is safest bet unless you are from a country that has import restrictions.

CUCM - If your endpoints are registered to CUCM, then you would use the CUCM version of the file. This will be uploaded to the CUCM server itself by going to Install/Upgrade in Cisco OS Administration and restart the TFTP service. This way the file will be pushed down from the server when the codec is reset.

For non-CUCM, you use the other file and upload the .pkg file directly to the codecs. To me it seems like you have a VCS based deployment so the .pkg file is what you will use.

 

Please rate useful posts.
VIP Purple

Updated TC Software to

Updated TC Software to correct the BASH vulnerability hasn't been released yet.  You can take a look at the following bug, CSCur02591 for more details.

It shows the upcoming fixed versions to look for whenever they are released:

5.1.13, 6.0.4, 6.1.4, 6.3.3, 7.2.1

You can check whether or not you're using the encryption version of the TC software by logging into the web interface and looking at the software version, as well as through SSH by running the following command to check the software version: xStatus SystemUnit Software Version.  The encrypted version of the TC software will just be TC###, where as the non-encrypted version will appear as TCNC### (note the "NC" in the software version, noting it's "non-encrypted".

Since you specifically point out that you're using TC5.x software, it seems as if you're using the encrypted version.

New Member

Gentlemen, Thank you both. 

Gentlemen,

 

Thank you both.  We have conference phones in these rooms that are registered in CUCM but the codecs themselves are definitely not - I will wait for the patches for the non-CUCM software versions.

New Member

I recently uploaded the cop

**Deleted questions and started new thread**

550
Views
0
Helpful
4
Replies