Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1381
Views
0
Helpful
4
Replies

Upgraded C40 Codecs to latest TC software - do I use CUCM?

Go to solution
Stuart Butt
Level 1
Level 1

‎10-07-2014 06:40 AM - edited ‎03-18-2019 03:30 AM

I am needing to upgrade our C40 codecs to patch the Bash vulnerability.  Currently they are all running TC5.1.3.292001.

 

I noticed at the download options for the C40 included a few options. 

 

1) Crypto and Non-crypto software.  The way I am reading this, this is only referring to the software itself, not any kind of options on the codec?

2) 'To be used with CUCM' - I am unsure how to verify this.  I inherited these devices with no documentation and the original vendor is pretty much useless.  Is there some way to verify this?  We do use CUCM, but to my knowledge, our phones cannot directly integrate with the TP system (we have MOVI clients for that).

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
George Thomas
Level 10
Level 10

‎10-07-2014 09:38 AM

Stuart,

I don't believe Cisco has released a version of TC software that has the bash vulnerability fix.

The non-crypto software doesnt have any kind of SSL functionality on it - ie. encrypted signaling/media. Usually going with the crypto is safest bet unless you are from a country that has import restrictions.

CUCM - If your endpoints are registered to CUCM, then you would use the CUCM version of the file. This will be uploaded to the CUCM server itself by going to Install/Upgrade in Cisco OS Administration and restart the TFTP service. This way the file will be pushed down from the server when the codec is reset.

For non-CUCM, you use the other file and upload the .pkg file directly to the codecs. To me it seems like you have a VCS based deployment so the .pkg file is what you will use.

 

Please rate useful posts.

View solution in original post

0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to George Thomas

‎10-07-2014 10:12 AM

Updated TC Software to correct the BASH vulnerability hasn't been released yet.  You can take a look at the following bug, CSCur02591 for more details.

It shows the upcoming fixed versions to look for whenever they are released:

5.1.13, 6.0.4, 6.1.4, 6.3.3, 7.2.1

You can check whether or not you're using the encryption version of the TC software by logging into the web interface and looking at the software version, as well as through SSH by running the following command to check the software version: xStatus SystemUnit Software Version.  The encrypted version of the TC software will just be TC###, where as the non-encrypted version will appear as TCNC### (note the "NC" in the software version, noting it's "non-encrypted".

Since you specifically point out that you're using TC5.x software, it seems as if you're using the encrypted version.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
George Thomas
Level 10
Level 10

‎10-07-2014 09:38 AM

Stuart,

I don't believe Cisco has released a version of TC software that has the bash vulnerability fix.

The non-crypto software doesnt have any kind of SSL functionality on it - ie. encrypted signaling/media. Usually going with the crypto is safest bet unless you are from a country that has import restrictions.

CUCM - If your endpoints are registered to CUCM, then you would use the CUCM version of the file. This will be uploaded to the CUCM server itself by going to Install/Upgrade in Cisco OS Administration and restart the TFTP service. This way the file will be pushed down from the server when the codec is reset.

For non-CUCM, you use the other file and upload the .pkg file directly to the codecs. To me it seems like you have a VCS based deployment so the .pkg file is what you will use.

 

Please rate useful posts.
0 Helpful

Go to solution
Patrick Sparkman
VIP Alumni
VIP Alumni
In response to George Thomas

‎10-07-2014 10:12 AM

Updated TC Software to correct the BASH vulnerability hasn't been released yet.  You can take a look at the following bug, CSCur02591 for more details.

It shows the upcoming fixed versions to look for whenever they are released:

5.1.13, 6.0.4, 6.1.4, 6.3.3, 7.2.1

You can check whether or not you're using the encryption version of the TC software by logging into the web interface and looking at the software version, as well as through SSH by running the following command to check the software version: xStatus SystemUnit Software Version.  The encrypted version of the TC software will just be TC###, where as the non-encrypted version will appear as TCNC### (note the "NC" in the software version, noting it's "non-encrypted".

Since you specifically point out that you're using TC5.x software, it seems as if you're using the encrypted version.

0 Helpful

Go to solution
Stuart Butt
Level 1
Level 1
In response to George Thomas

‎10-07-2014 01:19 PM

Gentlemen,

 

Thank you both.  We have conference phones in these rooms that are registered in CUCM but the codecs themselves are definitely not - I will wait for the patches for the non-CUCM software versions.

0 Helpful

Go to solution
Darin Walker
Level 1
Level 1

‎12-25-2014 06:09 PM

**Deleted questions and started new thread**

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents