CSCvq58235 - Cisco Unified Contact Center Express Remote Code Execution Vulnerability - 1

lior look
Level 5

Hi guys, the following are answers from TAC.

Maybe you can find it helpful.

Q1: Which version should one upgrade to get a complete fix?

A: The customer should move to 12.0ES03 to get a complete fix for the vulnerability.

Q2: What versions are vulnerable?

A: All versions prior to 12.0ES03 are vulnerable. 12.5 is not impacted by this vulnerability.

Q3: What should a customer do if they don't wish to upgrade to 12.0ES03?

A: The customer should move to 1162ES06 to get a fix for defect CSCvq58289 and block port 6999 on the firewall. The port should be blocked towards both UCCX nodes if it is an HA deployment. (Blocking a port on the firewall does ensure higher security, but it is not a bulletproof solution if an attacker manages to get past the firewall.)

Q4: What is the impact of blocking port 6999 on the firewall?

A: Port 6999 (RMI) is used for intracluster communication and also for clients like RTR and the script editor. So if customers have RTR or the script editor communicating through the firewall, they won't be able to use these clients.

Q5: Why can't the fix for defect CSCvq58235 be ported to 11.x?

A: Fixing the problem requires upgrading the Apache Commons Collections (ACC) libraries. UCCX 11.x has many components using ACC libraries, and this dependency for all components cannot be fulfilled in version 11.6.2.
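The TAC answers to Q3 and Q4 describe the mitigation as a firewall block of TCP 6999 towards both UCCX nodes, with the side effect that RTR and Script Editor clients on the far side of that firewall stop working. The following is an added example, not part of the original post and not Cisco tooling: a small Python check that reports, from whichever network segment it is run on, whether a TCP handshake to port 6999 on each node still completes. The node names are placeholders; the expected policy is "blocked" when run from any segment that should not reach RMI, and "reachable" when run from the segment where the RTR / Script Editor clients legitimately live.

```python
"""Check whether TCP 6999 (UCCX RMI) is reachable from this vantage point.

Added example for the CSCvq58235 thread; hostnames below are hypothetical
placeholders, substitute both nodes of the HA pair.
"""
import socket
from concurrent.futures import ThreadPoolExecutor

UCCX_RMI_PORT = 6999  # RMI port named in the TAC answers

# Hypothetical node names for illustration only.
UCCX_NODES = ["uccx-pub.example.com", "uccx-sub.example.com"]


def tcp_reachable(host: str, port: int, timeout: float = 2.0) -> bool:
    """True if a TCP handshake to host:port completes (port open and not
    filtered on the path). False on refusal, timeout/filter or DNS failure;
    socket.timeout and socket.gaierror are both OSError subclasses."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_rmi_exposure(nodes, port: int = UCCX_RMI_PORT, timeout: float = 2.0):
    """Probe every node in parallel. Returns {node: reachable}."""
    with ThreadPoolExecutor(max_workers=max(1, len(nodes))) as pool:
        reachable = list(pool.map(lambda h: tcp_reachable(h, port, timeout), nodes))
    return dict(zip(nodes, reachable))


def policy_violations(report, expect_blocked: bool = True):
    """Nodes whose reachability contradicts the intended firewall policy.

    expect_blocked=True  : run from an untrusted segment; any reachable node
                           means the block is missing or incomplete (Q3).
    expect_blocked=False : run from the RTR / Script Editor client segment;
                           any unreachable node means those clients break (Q4).
    """
    violations = []
    for node, reachable in report.items():
        if expect_blocked and reachable:
            violations.append(node)
        if not expect_blocked and not reachable:
            violations.append(node)
    return sorted(violations)


def self_test():
    """Offline demonstration against a loopback listener, no UCCX needed:
    an open listener must be reported as a violation of the 'blocked' policy,
    and the same port must pass once the listener is closed.
    Returns (violations_while_open, violations_after_close)."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))  # ephemeral port
    listener.listen(1)
    port = listener.getsockname()[1]
    node = "127.0.0.1"
    while_open = check_rmi_exposure([node], port=port, timeout=1.0)
    listener.close()
    after_close = check_rmi_exposure([node], port=port, timeout=1.0)
    return (policy_violations(while_open, expect_blocked=True),
            policy_violations(after_close, expect_blocked=True))


if __name__ == "__main__":
    report = check_rmi_exposure(UCCX_NODES)
    for node, up in report.items():
        print(f"{node}:{UCCX_RMI_PORT} {'REACHABLE' if up else 'blocked/closed'}")
    print("violations of 'blocked' policy:", policy_violations(report, expect_blocked=True))
```

A completed handshake only proves the path from this host; repeat the run from every segment that the firewall is supposed to cut off, and remember that a passing result says nothing about an attacker already inside the segment the block exempts, which is exactly the caveat TAC attached to Q3.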

2 Replies

csrlima
Level 3

Hi, so as far as I understand, if the UCCX is not exposed externally (WAN or Internet) this problem is mitigated, and if we don't have HA it is more unlikely to have port 6999 open to the Internet, and the attacker would have to be inside the network. Is this correct?

I understand the gravity of the situation, but we are considering internally migrating our affected customers, and in some cases it can be quite laborious, especially those that are prior to release 12, because of the smart license, the migration from CAD to the Finesse agent, and maybe we have to upgrade the CUCM / TSP.
So I ask the previous question about the firewall port, to see if I can mitigate the problem for any customer.

Best Regards

cisconextit
Level 1

We are facing the same situation and would like confirmation that if UCCX is not exposed to the external (WAN/Internet) with port *6999* open, this is only a vulnerability from the internal LAN. We are developing a project scope to have this upgrade completed, but it will be a lengthy process.

Please confirm if this is indeed the case.
Thank you!
