06-20-2018 04:04 AM - edited 03-17-2019 01:03 PM
Can anyone point me in the direction for the COP file for V11.5(1)SU4 to resolve the Disk Utilization Denial of Service Vulnerability bug please as I am going round in circles!!!
I can fine the Release 11.5(1)SU4 at https://software.cisco.com/download/home/286306100/type/282074295/release/11.5%25281%2529SU4 but I can't see the update for this vulnerability dated for June 2018. Can anyone help please? Sue06-20-2018 05:10 AM
Hi there
Thanks for posting the vulnerability notes. I went through the advisory and the cop file is only for CER (ciscocm.cer_CSCvf64322.cop.sgn). All other products needs to be upgraded to the fixed version.
Cop file for CER
https://software.cisco.com/download/home/286288781/type/282074227/release/COP-Files
CUCM & SME
Unified Communications Manager Release |
First Fixed Release for This Vulnerability |
Prior to 10.0 |
Vulnerable; migrate to 10.5(2)SU5 or later |
10.0 |
Vulnerable; migrate to 10.5(2)SU5 or later |
10.5 |
10.5(2)SU5 |
11.0 |
11.0(1a)SU4 |
11.5 |
11.5(1)SU3 |
12.0 |
Not vulnerable |
CUCM IMP
Unified Communications Manager IM and Presence Service Release |
First Fixed Release for This Vulnerability |
Prior to 10.5 |
Vulnerable; migrate to 10.5.2 SU4 |
10.5 |
10.5.2SU4 |
11.0 |
Vulnerable; migrate to 11.5(1)SU4 |
11.5 |
11.5(1)SU4 |
CUC
Unity Connection Release |
First Fixed Release for This Vulnerability |
Prior to 10.5 |
Vulnerable; migrate to 10.5SU5 |
10.5 |
10.5SU5 |
11.0 |
Vulnerable; migrate to 11.5(1)SU3 |
11.5 |
11.5.1SU3 |
12.0 |
Not vulnerable |
UCCX
Unified Contact Center Express Release |
First Fixed Release for This Vulnerability |
Prior to 11.6 |
Vulnerable; migrate to 11.6(1) |
11.6 |
11.6(1) |
CUIC
Unified Intelligence Center Release |
First Fixed Release for This Vulnerability |
Prior to 11.6 |
Vulnerable; migrate to 11(6).1 |
11.6 |
11.6(1) |
CER
Emergency Responder Release |
First Fixed Release for This Vulnerability |
Prior to 10.5 |
Vulnerable; migrate to 10.5(1a) |
10.5 |
10.5(1a) (future release)1 |
11.0 |
Vulnerable; migrate to 11.5(4) |
11.5 |
11.5(4) |
12.0 |
12.0SU1 |
1The COP file ciscocm.cer_CSCvf64322.cop.sgn is available from the Software Center on Cisco.com.
FINESSE
Finesse Release |
First Fixed Release for This Vulnerability |
Prior to 11.6 |
Vulnerable; migrate to 11.6(1) |
11.6 |
11.6(1) |
HCMF
Hosted Collaboration Mediation Fulfillment Release |
First Fixed Release for This Vulnerability |
Prior to 11.5 |
Vulnerable; migrate to 11.5(3) |
11.5 |
11.5(3) |
MEDIASENSE
MediaSense Release |
First Fixed Release for This Vulnerability |
Prior to 11.5 |
Vulnerable; migrate to 11.5SU2 |
11.5 |
11.5SU2 |
PRIME COLLABORATION ASSURANCE
Prime Collaboration Assurance Release |
First Fixed Release for This Vulnerability |
Prior to 11.6 |
Vulnerable; migrate to 11.6 ES16 |
11.6 |
11.6 ES16 |
12.1 |
12.1 ES2 |
PRIME COLLABORATION PROVISONING
Prime Collaboration Provisioning Release |
First Fixed Release for This Vulnerability |
Prior to 12.5 |
Vulnerable; migrate to 12.5 |
12.5 |
12.5 |
PRIME LICENSE MANAGER
Prime License Manager Release |
First Fixed Release for This Vulnerability |
Prior to 10.5 |
Vulnerable; migrate to plm_10_5_2 - 10.5.2.13001-11 |
10.5 |
plm_10_5_2 - 10.5.2.13001-1 |
11.0 |
Vulnerable; migrate to plm_11_5_1 - 11.5.1.13001-11 |
11.5 |
plm_11_5_1 - 11.5.1.13001-1 |
SOCIAL MINER
SocialMiner Release |
First Fixed Release for This Vulnerability |
Prior to 11.6 |
Vulnerable; migrate to 11.6.1 |
11.6 |
11.6.1 |
VIRTUALIZED VOICE BROWSER
Virtualized Voice Browser Release |
First Fixed Release for This Vulnerability |
Prior to 11.6 |
Vulnerable; migrate to 11.6(1) |
11.6 |
11.6(1) |
Hope this helps!
Cheers
Rath!
***Please rate helpful posts***
06-20-2018 06:16 AM
Thank you for your reply but the COP file for Cisco Call Manager 11.5 is the one I need.
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd10872
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos
06-20-2018 07:21 AM
Hi there
But where is the cop file mentioned in that doc. the only cop I could find is for CER. Do you have the cop file name ?
Hope this helps!
Cheers
Rath!
***Please rate helpful posts***
06-20-2018 08:41 AM
The link you sent me took me to the Emergency Responder 11.5 page with "cer" downloads dated 2017.
The file i am trying to get is the one Cisco has apparently released(June 2018) to fix this disk utilization bug.
06-20-2018 08:59 AM
06-20-2018 09:55 AM
06-21-2018 12:27 AM
11.5.1.12900-21
06-21-2018 12:27 AM - edited 06-21-2018 12:48 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide