cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
449
Views
15
Helpful
5
Replies

Threat Advisory : Cisco Unified Contact Center Express Remote Code Execution Vulnerability

suresh.4.kumar
Beginner
Beginner

Hi Team,

 

I have came across this notification for UCCX, and seeking clarification on update software to fix this. Is fix update is not available for partners or we must need to open a TAC case to get the update software file ? We have one of the customer who is having EOL UCCX (e.g. 7.x and 8.6), is there any risk to install this update on these EOL UCCX.

 

Does UCCX require software upgrade as well or customer just need to install fix on existing UCCX with the help of TAC ?

 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-rce-GMSC6RKN#fs

 

Suresh

1 Accepted Solution

Accepted Solutions

Roger Kallberg
VIP Expert VIP Expert
VIP Expert

There is no separate fix for this vulnerability. You’d need to upgrade to the version listed in the table for pre 12 installations. For any upgrade you’d need to consult the appropriate documentation to find out the supported upgrade process and check compatibility matrix. An upgrade from such old version will require a substantial effort and involves multiple steps and systems, aka not only UCCX would need to be touched.



Response Signature


View solution in original post

5 Replies 5

Roger Kallberg
VIP Expert VIP Expert
VIP Expert

There is no separate fix for this vulnerability. You’d need to upgrade to the version listed in the table for pre 12 installations. For any upgrade you’d need to consult the appropriate documentation to find out the supported upgrade process and check compatibility matrix. An upgrade from such old version will require a substantial effort and involves multiple steps and systems, aka not only UCCX would need to be touched.



Response Signature


Hi Roger,

 

Thanks for prompt reply. So in summary, does every customer need to upgrade/migrate their UCCX (pre 12.x) to UCCX 12.5 version ? 

 

 

No that’s not what the table in the advisory says. There is a fixed 12.0 version. 12.5 is listed as not affected. So in summary you can upgrade to either the fixed 12.0 version or to 12.5.



Response Signature


I meant 12.x, we normally dont recommend first version of CUCM/UCCX (e.g. 10.0, 11.0, 12.0 etc) of major version series so I have mentioned12.5 :-) 

 

Anyway i got it. Thank you so much

Konstantin Vaksin
Cisco Employee
Cisco Employee
EoL software is not supported anymore.

You have to push them for the upgrade to latest releases in order to supported by Cisco

Kostia
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers