09-29-2014 07:39 AM - last edited on 03-25-2019 08:31 PM by ciscomoderator
I read CSCur00930 and also Advisory ID: cisco-sa-20140926-bash.
It has several versions of CUCM listed as affected, and also some that are unaffected.
Can someone tell me whether CUCM version 8.0.3.20000-2 is affected by this bug as I can't find it on the lists in the advisory?
Regards.
09-30-2014 07:38 AM
Yes, 8.0.3.20000-2 is affected. We are working to make that more clear in the details of CSCur00930 (currently describes UCM versions 8, 9, and 10 as impacted).
10-06-2014 10:51 PM
Hi Kenneth,
I can see that Cisco has given more detail regarding the bash bug but I am still not able to find the fix".cop" file for CUCM 8.6.2. Even I don't see any special link given on Cisco Website.
10-07-2014 06:27 AM
The Cisco Bash Code Injection Vulnerability Patch COP file for UCM is located under the various UCM versions (such as 8.6) in the "Unified Communications Manager / CallManager / Cisco Unity Connection Utilities " file section (the COP file is the same for all UCM versions):
http://software.cisco.com/download/release.html?mdfid=283782839&flowid=45898&softwareid=282204704&release=COP-Files&relind=AVAILABLE&rellifecycle=&reltype=latest
10-07-2014 06:34 AM
Hi,
Is there a fix for CUCM version: 8.0.3.20000-2 available?
10-07-2014 06:58 AM
Unfortunately according to the CSCur00930 the CUCM 8.0 won't get a fix as this version is still supported without any further correction.
Fix should be made available from 8.5 version:
Release 8.5.1 - first fixed release is TBD
Release 8.6.2 - first fixed release is TBD
Release 9.1.2 - first fixed release is TBD
Release 10.0.1 - first fixed release is TBD
Release 10.5.1 - first fixed release is TBD
10-08-2014 04:15 AM
Hi Kenneth,
Thanks for your reply. Is this "bash vulnerability"? also affecting other UC products (ie: Contact Center or Presence). If yes, I did not find patch on cisco website.
10-08-2014 07:28 AM
To check products affected, please reference the PSIRT Security Advisory:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash
For UCCX and IM&P, note that they are listed in the "Vulnerable Products" section. The defects shown for those respective products will updated as patches are posted, once they complete testing.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide