Solved: Multiple Vulnerabilities in Cisco Unified Communications Manager

dan hale · ‎07-22-2013

Hi All I'm running CUCM System version: 8.6.1.20000-1 and I'm trying to determine if I'm affected by this vulnerability.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20130717-cucm

The above URL says that it affects 8.6(x) but when I read the "readme" file it says:

This package will install on the following System Versions:

-7.1.3.10000-xx or any higher version starting with 7.1.3.xxxxx
-7.1.5.10000-xx or any higher version starting with 7.1.5.xxxxx
-8.5.1.10000-xx or any higher version starting with 8.5.1.xxxxx
-8.6.2.10000-xx or any higher version starting with 8.6.2.xxxxx
-9.1.1.10000-xx or any higher version starting with 9.1.1.xxxxx

http://www.cisco.com/web/software/282204704/18582/ReadmeForBlindSQLinjectionCOPfile.pdf

Is 8.6.1 excluded from this patch? Should I not worry?

I'm a little confused...

Thanks,

Dan

Rob Huffman · ‎07-23-2013

Hi Dan,

The way I read this is, that you are vulnerable but they

didn't build a patch for your version I would go ahead

and open a TAC case here just to be safe.

Cheers!

Rob

"I don't know how, I don't know when
But you and I will meet again "

- Tom Petty

View solution in original post

Rob Huffman · ‎07-23-2013