Hello guys,
There was recently a CSA published about a vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series. This could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition.
cisco-sa-20190605-cucm-imp-dos
They do mention the fixed software releases as well.
Cisco Unified CM IM&P Service Major Release First Fixed Release
10.5(2) | 11.5(1) SU6 or 12.5(1) |
11.5(1) | 11.5(1) SU6 |
12.0(1) | 12.5(1) |
12.5(1) | Not vulnerable |
However it is a bit confusing to understand if this also affects other CUCM versions? One of my Customer has CUCM IMP 11.0.1.23900-5. Can anyone suggest if this specific version is also affected?
Thanks,
Amit