05-25-2020 10:06 PM
Hi Team,
I have came across this notification for UCCX, and seeking clarification on update software to fix this. Is fix update is not available for partners or we must need to open a TAC case to get the update software file ? We have one of the customer who is having EOL UCCX (e.g. 7.x and 8.6), is there any risk to install this update on these EOL UCCX.
Does UCCX require software upgrade as well or customer just need to install fix on existing UCCX with the help of TAC ?
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-rce-GMSC6RKN#fs
Suresh
Solved! Go to Solution.
05-25-2020 10:26 PM - edited 05-25-2020 10:30 PM
There is no separate fix for this vulnerability. You’d need to upgrade to the version listed in the table for pre 12 installations. For any upgrade you’d need to consult the appropriate documentation to find out the supported upgrade process and check compatibility matrix. An upgrade from such old version will require a substantial effort and involves multiple steps and systems, aka not only UCCX would need to be touched.
05-25-2020 10:26 PM - edited 05-25-2020 10:30 PM
There is no separate fix for this vulnerability. You’d need to upgrade to the version listed in the table for pre 12 installations. For any upgrade you’d need to consult the appropriate documentation to find out the supported upgrade process and check compatibility matrix. An upgrade from such old version will require a substantial effort and involves multiple steps and systems, aka not only UCCX would need to be touched.
05-25-2020 10:42 PM
Hi Roger,
Thanks for prompt reply. So in summary, does every customer need to upgrade/migrate their UCCX (pre 12.x) to UCCX 12.5 version ?
05-25-2020 10:49 PM
No that’s not what the table in the advisory says. There is a fixed 12.0 version. 12.5 is listed as not affected. So in summary you can upgrade to either the fixed 12.0 version or to 12.5.
05-25-2020 10:58 PM
I meant 12.x, we normally dont recommend first version of CUCM/UCCX (e.g. 10.0, 11.0, 12.0 etc) of major version series so I have mentioned12.5 :-)
Anyway i got it. Thank you so much
05-25-2020 11:20 PM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide