Is there any updates on this

Erick Bergquist · ‎04-11-2017

Does anyone have a update on when the Call Manager 11.0 and 11.5 apache struts2 patch will be out?

Call Manager bug is CSCvd49840

Unity Connection bug is CSCvd49841

The notice has March 31st for call manager but I am not finding 11.5.1.13900 version on CCO or any cop files. Probably will be 11.5.1 SU3?

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2

Thanks, Erick

Jaime Valencia · ‎04-11-2017

Right now you'd need to reach out to TAC so they can publish the ES with the fix, otherwise, you'd need to wait until they post the SU with the fix, or a standalone COP with the fix, not sure which option the BU will use.

HTH

java

if this helps, please rate

Mike Sampson · ‎06-06-2017

Is there any updates on this issue? The latest cop file I can find for Unity/CUCM is 11.5.1.12900-21. I have found separate patches fix this vulnerability:

Unity : COP file to address CSCvd49841 in Unity Connection 11.5(1).
ciscocm.11_5_struts_2_3_32_upgrade.cop.sgn

CUCM: Rev 2 of COP file to address CSCvd49840 in CUCM 11.5(1).
ciscocm.11_5_struts_2_3_32_upgrade_v2.cop.sgn

What is the best upgrade path for a 10.5.2 system:

Upgrade 10.5.2 to 11.5.1.12900

Then upgrade ciscocm.11_5_struts_2_3_32_upgrade?

Thanks,

christopherlawrence · ‎10-06-2017

Hi

Does the 12.0.1 release include this vunerability fix?

Thanks

Chris

Rob Huffman · ‎10-06-2017

Hi Chris,

Yes, this bug/vulnerability is fixed with the release of CUCM 12.0.1 ( Cisco Unified Communications Manager 12.0(1), also known as 12.0.1.10000-10)

Cheers!

Rob

christopherlawrence · ‎10-06-2017

Cheers Rob!

Call Manager and Unity Connection Apache Struts2 fix / patch