cisco ip telephony products vulnerability

Hi guys. I was looking through Cisco bug reports to find out about Cisco IP telephony products' exposure to this vulnerability: "Jakarta multipart parser used in Apache Struts2: On March 7th Apache issued an emergency security alert as a component of the Apache Struts application was exposing a high-risk remote command execution vulnerability (CVE-2017-5638)[1].

The vulnerability allows an attacker to include code in the "Content-Type" header of an HTTP request [2] to exploit the vulnerable 'Jakarta' (multi-part parser) java class, which is used within an application for file uploads. This vulnerability can allow an unauthenticated remote attacker to take control of a system." 

I found this: Evaluation of ciscocm for struts2-jakarta rce vulnerability, CSCvd49840.

We have 10.5 versions of CUCM, CUC, CUCM IM&P and Prime server. The CSCvd49840 report shows the vulnerability affects only 11 and 11.5 and says nothing about 10.5; does it mean 10.5 is not affected by this vulnerability?

Thank you 

P.S. Here is the link to the affected cisco products : https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2
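The advisory text quoted above says the attack rides in the Content-Type request header, which is a header a defender can validate. The following added Python example (my own code, not Cisco's or Apache's) checks each request's Content-Type against the RFC 7231 media-type grammar and flags values that cannot be a media type; the log format and sample lines are constructed for illustration.

```python
import re

# Media-type grammar (RFC 7231 s3.1.1.1, tokens from RFC 7230 s3.2.6):
#   type "/" subtype *( OWS ";" OWS token "=" ( token / quoted-string ) )
# Braces, parentheses and spaces are not token characters, so a header
# carrying an expression cannot satisfy this grammar.
TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
TOKEN = rf"{TCHAR}+"
QUOTED_STRING = r'"(?:[^"\\\r\n]|\\.)*"'
PARAMETER = rf"{TOKEN}=(?:{TOKEN}|{QUOTED_STRING})"
MEDIA_TYPE = re.compile(rf"^{TOKEN}/{TOKEN}(?:[ \t]*;[ \t]*{PARAMETER})*[ \t]*$")

# Expression-language delimiters never appear in a legitimate media type.
EXPRESSION_MARKERS = ("%{", "${")
MAX_CONTENT_TYPE_LEN = 256  # real media types are short; long ones are suspect

def classify_content_type(value):
    """Return None for a well-formed media type, otherwise a short reason."""
    if len(value) > MAX_CONTENT_TYPE_LEN:
        return "oversized"
    for marker in EXPRESSION_MARKERS:
        if marker in value:
            return f"expression marker {marker!r}"
    if not MEDIA_TYPE.match(value):
        return "does not parse as a media type"
    return None

# Constructed access-log format (not any real product's format):
#   <client> "<method> <path>" <status> "<Content-Type request header>"
LOG_LINE = re.compile(r'^(\S+) "([A-Z]+) (\S+)" (\d{3}) "(.*)"$')

def scan_log(lines):
    """Return (client, path, reason, header) for each suspicious Content-Type."""
    findings = []
    for line in lines:
        m = LOG_LINE.match(line.rstrip("\n"))
        if not m:
            continue  # skip lines that are not in the expected format
        client, _method, path, _status, ctype = m.groups()
        reason = classify_content_type(ctype)
        if reason:
            findings.append((client, path, reason, ctype))
    return findings

SAMPLE_LOG = [  # constructed sample lines
    '10.0.0.5 "POST /upload" 200 "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk"',
    '10.0.0.6 "POST /api/items" 201 "application/json; charset=utf-8"',
    '10.0.0.7 "POST /upload" 500 "%{CONSTRUCTED_EXPRESSION_PLACEHOLDER}"',
    '10.0.0.8 "POST /upload" 500 "multipart/form-data; boundary=(#not a token)"',
]

if __name__ == "__main__":
    for client, path, reason, ctype in scan_log(SAMPLE_LOG):
        print(f"{client} {path}: {reason}: {ctype}")
```

A grammar check like this only tells you a request looked wrong; whether the server behind it is vulnerable is still the question of which Struts version it runs.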


Leo Laohoo
Hall of Fame

Phones don't run Apache so the phones ain't affected.  

Cisco, as of today (14 March 2017), is still investigating which product(s) are affected by this exploit.

Keep an eye out for the page (or get RSS) for update(s).

Leo, thank you for responding, but nobody mentioned here that phones are running Apache. CUCM, CUC, CUCM IM&P and Prime server may run Apache and might be affected. As you can see in the link above, versions 11 and 11.5 of these products are affected BUT Cisco is not clear if 10.5 has this vulnerability too.

HARIS_HUSSAIN
VIP Alumni

I can see that it says prior releases of CUCM are not affected for CSCvd49840:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd49840

Conditions:
Exposure is not configuration dependent.
This affects 11.0 and 11.5 releases only. Prior releases are not affected.

thank you