
Cisco Unified Communications Manager IM&P Service, Cisco TelePresence VCS, and Cisco Expressway Series Denial of Service Vulnerability

Ciscollab_Amit
Level 4

Hello guys,

There was recently a CSA published about a vulnerability in the authentication service of the Cisco Unified Communications Manager IM and Presence (Unified CM IM&P) Service, Cisco TelePresence Video Communication Server (VCS), and Cisco Expressway Series. This could allow an unauthenticated, remote attacker to cause a service outage for users attempting to authenticate, resulting in a denial of service (DoS) condition.

 

Advisory ID: cisco-sa-20190605-cucm-imp-dos
 
They do mention the fixed software releases as well.
 
Cisco Unified CM IM&P Service Major Release    First Fixed Release
10.5(2)                                        11.5(1) SU6 or 12.5(1)
11.5(1)                                        11.5(1) SU6
12.0(1)                                        12.5(1)
12.5(1)                                        Not vulnerable

 

However, it is a bit confusing to understand whether this also affects other CUCM versions. One of my customers has CUCM IMP 11.0.1.23900-5. Can anyone suggest whether this specific version is also affected?

 

Thanks,

Amit

1 Reply

Mike_Brezicky
Cisco Employee
I believe this is for CVE-2019-1845. If the release is not mentioned in the affected releases, chances are it is safe; however, I would always be pessimistic in security and feel that if they did not list it, it's just not confirmed YET. As the customer is already on 11.x, 11.5(1) SU6 is a simple and safe upgrade if they choose to do so. I would recommend upgrading anyway to get off an X.0 release.