
Cisco Unity Connection CUC Reset PIN Not Authorized Error

milkboy33
Level 1

Hi All,

   So we ran into this strange problem with our CUC 8.6. We have techs assigned to the Helpdesk role. They can reset the Voicemail PINs for almost all users save for a handful. When they attempt to reset the PINs for these users they get a Not Authorized error. What could be the cause of this?

Thanks,

Tom

9 Replies

davrojas
Level 3

Hello Tom,

Probably the handful of users that cannot be reset have higher roles, such as Admin or Audit, and therefore you cannot change them.

Hmm, we checked his roles and indeed he has the Helpdesk role and the other user has no roles. Funny thing too, we just noticed that this particular Helpdesk tech cannot modify other Helpdesk techs' PINs, but they *can* modify his.

Nadeem Ahmed
Cisco Employee

Hello

Can you please check the user privileges and try assigning the System Administrator role to the account to allow the reset/modify operation.

Br,

Nadeem


Hi Nadeem, unfortunately we cannot assign him the System Admin role, he's with our helpdesk group. My account as a system admin has no issues resetting users' PINs.

Hi Tom,

Check some of these out:

Some existing bugs:

CSCtn59526    CUC - Account with User Administrator role cannot delete users 

CSCtd45141    Cisco Unity Privilege Escalation Vulnerability 

CSCsl92087 (registered customers only)    CUC 2.0 Helpdesk Administrator Role does not allow user to unlock accounts

#DavvID

Looks to me like the issue is with this: a DDTS was opened to address the vulnerability, maybe that's the reason Helpdesk is not able to change the same. There is no workaround for this.

Cisco Unity Privilege Escalation Vulnerability

CSCtd45141

Cisco Unity Connection contains two vulnerabilities:

Cisco Unity Connection Privilege Escalation Vulnerability
Cisco Unity Connection Denial of Service Vulnerability

Exploitation of the Cisco Unity Connection Privilege Escalation Vulnerability may allow an authenticated, remote attacker to elevate privileges and obtain full access to the affected system.

Exploitation of the Cisco Unity Connection Denial of Service Vulnerability may allow an unauthenticated, remote attacker to cause system services to terminate unexpectedly, which may result in a denial of service condition.

Cisco has released free software updates that address these vulnerabilities. There are no workarounds that mitigate these vulnerabilities.


Br,
Nadeem 

Please rate all useful post.


Awesome thank you everyone for your response.

A somewhat related question:

   Of the roles in CUC 8.6:

     Audio Text Admin

     Audit Admin

     Greeting Admin

     Help Desk Admin

     Mailbox Access Delegate

     Remote Admin

     System Admin

     Technician   

     User Admin

Which of these roles can a Helpdesk Admin role user change the PINs for?

Thanks!

Tom

Hi Tom,

If you check the guide, the Help Desk is more than enough to change PINs; however, there is a catch: you cannot change them for users that have higher privileges, otherwise it would be a privilege escalation:

Some existing bugs:

CSCtn59526    CUC - Account with User Administrator role cannot delete users

CSCtd45141    Cisco Unity Privilege Escalation Vulnerability

CSCsl92087 (registered customers only)    CUC 2.0 Helpdesk Administrator Role does not allow user to unlock accounts

Help Desk Administrator

This role allows an administrator to reset user passwords and PINs, unlock user accounts, and view user setting pages.

Note: The "Manage Call Handlers Belonging To Users Only - View Only" privilege refers to the primary call handler assigned to a user that include all greetings, transfer rules, and menu entries that you see on the User's page under the Roles section.

http://www.cisco.com/en/US/docs/voice_ip_comm/connection/8x/user_mac/guide/8xcucmac020.html#wp1051700

You mentioned "for almost all users save for a handful"; due to the escalation issue this would be expected unless you assign the Help Desk role the same or higher privileges than those of the users they wish to change.

#DavvID

David,

  Thanks for the response.

  So how can we assign the Help Desk role higher privileges than the User Administrator and Greetings Administrator roles?

Thanks,

Tom
