CSCwb37563 - CUCM SQL Injection Vulnerability

micro KA
Level 1

Hi,
We are currently running Release 12.5(1)SU4 Unified Communications Manager 12.5.1.14900-63.
I am wondering if the bug is fixed in the above-mentioned release.
Hope I am not wrong, but one of the Known Affected Releases is 12.5(1.10000.22), which seems to be a very old (first) release,
and one of the Known Fixed Releases is CCM.012.005(001.11170.001), which is an Engineering Special but looks to me older than
Release 12.5(1)SU1 Unified Communications Manager 12.5.1.11900-146.
Unfortunately, it is currently not possible for us to upgrade to 12.5(1)SU7 in the short term.
Does anybody know how to find out if the bug is fixed in our currently running version?
Thanks in advance for a quick answer.

1 Reply

Vaijanath Sonvane
VIP Alumni

Hi @micro KA,

Cisco has released a COP file for this vulnerability, with more details in the release notes. This vulnerability affects only the CUCM versions below:

CUCM: 12.5.1.16900-48 (12.5SU6) through 12.5.1.17088-1 (12.5SU7)

CUCM: 14.0.1.12900-161 (14SU2) through 14.0.1.13024-1 (14SU3)

https://www.cisco.com/web/software/286319173/139477/ciscocm.V12.5.1SU6_CSCwb37205-CSCwb37563_C0184-1.k4.cop-Readme.pdf

https://www.cisco.com/web/software/286319173/139477/ciscocm.V14SU2_CSCwb37205-CSCwb37563_C0183-1.k4.cop-Readme.pdf

Please rate helpful posts and if applicable mark "Accept as a Solution".
Thanks, Vaijanath S.
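
The following is an added example, not part of the original thread or any Cisco tooling: it normalizes the three version notations seen in this thread and checks a build against the ranges quoted in the reply. It assumes all three notations carry the same five numeric fields, and a match only means the build falls inside those quoted ranges; the function names are hypothetical.

```python
import re

# Build ranges exactly as quoted in the reply above (inclusive bounds).
AFFECTED_RANGES = [
    ("12.5.1.16900-48", "12.5.1.17088-1"),    # 12.5SU6 through 12.5SU7
    ("14.0.1.12900-161", "14.0.1.13024-1"),   # 14SU2 through 14SU3
]

# Assumption: each notation encodes major, minor, maintenance, build, revision.
_PATTERNS = [
    re.compile(r"^(\d+)\.(\d+)\.(\d+)\.(\d+)-(\d+)$"),          # 12.5.1.14900-63
    re.compile(r"^(\d+)\.(\d+)\((\d+)\.(\d+)\.(\d+)\)$"),       # 12.5(1.10000.22)
    re.compile(r"^CCM\.(\d+)\.(\d+)\((\d+)\.(\d+)\.(\d+)\)$"),  # CCM.012.005(001.11170.001)
]


def parse_build(text):
    """Return (major, minor, maintenance, build, revision) as integers."""
    candidate = text.strip()
    for pattern in _PATTERNS:
        match = pattern.match(candidate)
        if match:
            # int() drops the zero padding used in the CCM.* notation.
            return tuple(int(group) for group in match.groups())
    # Marketing names such as "12.5(1)SU4" carry no build number and cannot
    # be compared; fail loudly instead of guessing.
    raise ValueError(f"no full build number in {text!r}")


def in_affected_range(text):
    """True if the build lies inside one of the ranges quoted in the reply."""
    build = parse_build(text)
    return any(parse_build(low) <= build <= parse_build(high)
               for low, high in AFFECTED_RANGES)


if __name__ == "__main__":
    # Version strings taken from the question and the reply in this thread.
    for version in ("12.5.1.14900-63", "12.5.1.11900-146",
                    "CCM.012.005(001.11170.001)", "12.5.1.16900-48"):
        status = "inside" if in_affected_range(version) else "outside"
        print(f"{version}: {status} the quoted ranges")
```
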