Manish Gogna
Cisco Employee

Since a lot of queries are coming up regarding the Bash bug, posting the bug link for the same here

https://tools.cisco.com/bugsearch/bug/CSCur00930/?reffering_site=dumpcr

Symptoms:
The Cisco Unified Communications Manager (UCM) 10.0 includes a version of bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169

This bug has been opened to address the potential impact on this product.

Conditions:
Devices with default configuration.

Workaround:
Not available.

Further Problem Description:
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2 score. The Base and Temporal CVSS scores as of the time of evaluation are 7.5/7.5:

https://intellishield.cisco.com/security/alertmanager/cvssCalculator.do?dispatch=1&version=2&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:C

The Cisco PSIRT has assigned this score based on information obtained from multiple sources. This includes the CVSS score assigned by the third-party vendor when available. The CVSS score assigned may not reflect the actual impact on the Cisco Product.

Additional information on Cisco's security vulnerability policy can be found at the following URL:

http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html

Comments
Aman Soi
VIP Alumni

Hi Manish,

I could find ciscocm.bashupgrade.cop.sgn available on the Cisco site below:

http://software.cisco.com/download/release.html?mdfid=284603371&softwareid=282204704&release=COP-Files&flowid=45680

Any advice on how we proceed to execute this COP file? We have got CUCM 9.1(2)SU1.


regds,

aman

Manish Gogna
Cisco Employee

Hi Aman,

The installation requirements and process for the same are outlined in the readme file here:

http://www.cisco.com/web/software/282204704/18582/CiscoBashCodeInjectionVulnerabilityPatchv2.pdf

HTH

Manish

 

Aman Soi
VIP Alumni

Thanks Manish for the same[+5].

Let me take a call with the customer so that we can apply the same.

There is a similar discussion in which show tech version is being discussed.

https://supportforums.cisco.com/discussion/12311531/cucm-shellshock-versions#comment-9986951

Any idea if we could check something related to bash?

regds,

aman

 
