https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870682#M40053 <P>&nbsp;</P><P>Also I checked the procedure of changing the cipher suite but it is not applicable in my CM OS<BR />1- From Cisco Unified OS Administration, choose Security &gt; Cipher Management. (this is not available option)<BR />please check attached</P> Tue, 11 Jun 2019 06:20:56 GMT engreda22 2019-06-11T06:20:56Z https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870231#M40044 <P>Dear All ,</P><P>As result of PCI , I have to address vulnerabilities related to cucm , cuc and ccx as listed below</P><P><STRONG>1- OpenSSH &lt; 7.0 Multiple Vulnerabilities :-</STRONG></P><P>OpenSSH contains a vulnerability which can allow a remote attacker to bypass the XSECURITY restrictions when forwarding X11 connections by making use of an ineffective<BR />timeout check.</P><P><U><EM>need to upgrade to ssh &gt;7</EM></U><BR /><STRONG>2- Triple DES Birthday Attack Vulnerability (Sweet32) :-</STRONG></P><P>The Triple-DES cipher algorithm contains a vulnerability which can allow an attacker to recover secure HTTP cookies when performing a man-in-the-middle attack.</P><P><U><EM>need to&nbsp;Disable Triple-DES Ciphers on the system</EM></U></P><P>&nbsp;</P><P>please let me know how to fix those two vulnerabilities</P><P>cucm ver 12.0.1</P><P>thanks</P><P>&nbsp;</P> Mon, 10 Jun 2019 10:51:21 GMT https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870231#M40044 engreda22 2019-06-10T10:51:21Z https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870306#M40045 What are the CVE identifiers for the vulnerabilities identified? Has Cisco published a PSIRT for that CVE with stated plans how they intend to address it?<BR /><A href="https://tools.cisco.com/security/center/publicationListing.x" target="_blank">https://tools.cisco.com/security/center/publicationListing.x</A><BR /><BR />As for the cipher suites, you can now adjust them in CUCM 12.0 but doing so comes with a big warning that you are responsible for testing/qualifying every component in your solution supports stronger ciphers than the ones you disable. Older phones and gateways will be the most likely problematic points.<BR /><A href="https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/12_5_1/cucm_b_security-guide-1251/cucm_b_security-guide-1251_chapter_01.html#reference_68972012B0460E00571F79B1735FC5E9" target="_blank">https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cucm/security/12_5_1/cucm_b_security-guide-1251/cucm_b_security-guide-1251_chapter_01.html#reference_68972012B0460E00571F79B1735FC5E9</A> Mon, 10 Jun 2019 14:01:52 GMT https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870306#M40045 Jonathan Schulenberg 2019-06-10T14:01:52Z https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870681#M40052 <P>Thanks Jonathan for your reply.<BR />The CVE of the first vulnerability is CVE-2015-5352 and recorded in non-Cisco product<BR /><A href="https://tools.cisco.com/security/center/viewAlert.x?alertId=41120" target="_blank">https://tools.cisco.com/security/center/viewAlert.x?alertId=41120</A><BR /><A href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352" target="_blank">https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5352</A><BR />However in PCI scan report it shows in cisco unity and as attached.</P> Tue, 11 Jun 2019 06:20:21 GMT https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870681#M40052 engreda22 2019-06-11T06:20:21Z https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870682#M40053 <P>&nbsp;</P><P>Also I checked the procedure of changing the cipher suite but it is not applicable in my CM OS<BR />1- From Cisco Unified OS Administration, choose Security &gt; Cipher Management. (this is not available option)<BR />please check attached</P> Tue, 11 Jun 2019 06:20:56 GMT https://community.cisco.com/t5/collaboration-applications/how-to-address-some-vulnerabilities-in-cisco-collaboration-apps/m-p/3870682#M40053 engreda22 2019-06-11T06:20:56Z