
Threat Advisory : Cisco Unified Contact Center Express Remote Code Execution Vulnerability

suresh.4.kumar
Level 1

Hi Team,

 

I have come across this notification for UCCX and am seeking clarification on the update software to fix this. Is the fix update not available for partners, or must we open a TAC case to get the update software file? We have a customer who has EOL UCCX (e.g. 7.x and 8.6); is there any risk in installing this update on these EOL UCCX?

Does UCCX require a software upgrade as well, or does the customer just need to install the fix on the existing UCCX with the help of TAC?

 

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-uccx-rce-GMSC6RKN#fs

 

Suresh

Accepted Solutions

There is no separate fix for this vulnerability. You’d need to upgrade to the version listed in the table for pre-12 installations. For any upgrade you’d need to consult the appropriate documentation to find out the supported upgrade process and check the compatibility matrix. An upgrade from such an old version will require a substantial effort and involves multiple steps and systems, aka not only UCCX would need to be touched.

Hi Roger,

 

Thanks for the prompt reply. So in summary, does every customer need to upgrade/migrate their UCCX (pre-12.x) to UCCX 12.5 version?

No, that’s not what the table in the advisory says. There is a fixed 12.0 version. 12.5 is listed as not affected. So in summary, you can upgrade to either the fixed 12.0 version or to 12.5.


I meant 12.x; we normally don't recommend the first version of CUCM/UCCX (e.g. 10.0, 11.0, 12.0, etc.) of a major version series, so I have mentioned 12.5 :-)

Anyway, I got it. Thank you so much.

Konstantin Vaksin
Cisco Employee
EoL software is not supported anymore.

You have to push them for the upgrade to the latest releases in order to be supported by Cisco.

Kostia