cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
792
Views
0
Helpful
8
Replies

Multiple Cisco Products Disk Utilization Denial of Service Vulnerability CSCvd10872

Sue Fallon
Level 1
Level 1

Can anyone point me in the direction for the COP file for V11.5(1)SU4 to resolve the Disk Utilization Denial of Service Vulnerability bug please as I am going round in circles!!! 

I can fine the Release 11.5(1)SU4 at https://software.cisco.com/download/home/286306100/type/282074295/release/11.5%25281%2529SU4 but I can't see the update for this vulnerability dated for June 2018. Can anyone help please? Sue
8 Replies 8

Ratheesh Kumar
VIP Alumni
VIP Alumni

Hi there

 

Thanks for posting the vulnerability notes. I went through the advisory and the cop file is only for CER (ciscocm.cer_CSCvf64322.cop.sgn). All other products needs to be upgraded to the fixed version.

 

Cop file for CER

https://software.cisco.com/download/home/286288781/type/282074227/release/COP-Files

 

CUCM & SME

 

Unified Communications Manager Release 

First Fixed Release for This Vulnerability 

Prior to 10.0

Vulnerable; migrate to 10.5(2)SU5 or later

10.0

Vulnerable; migrate to 10.5(2)SU5 or later

10.5

10.5(2)SU5 

11.0

11.0(1a)SU4

11.5

11.5(1)SU3 

12.0

Not vulnerable

 

 

CUCM IMP

 

Unified Communications Manager IM and Presence Service Release

First Fixed Release for This Vulnerability 

Prior to 10.5

Vulnerable; migrate to 10.5.2 SU4

10.5

10.5.2SU4 

11.0

Vulnerable; migrate to 11.5(1)SU4

11.5

11.5(1)SU4

 

 

CUC

 

Unity Connection Release

First Fixed Release for This Vulnerability 

Prior to 10.5

Vulnerable; migrate to 10.5SU5

10.5

10.5SU5

11.0

Vulnerable; migrate to 11.5(1)SU3

11.5

11.5.1SU3

12.0

Not vulnerable

 

UCCX

 

Unified Contact Center Express Release

First Fixed Release for This Vulnerability 

Prior to 11.6

Vulnerable; migrate to 11.6(1)

11.6

11.6(1)

 

 

CUIC

 

Unified Intelligence Center Release

First Fixed Release for This Vulnerability 

Prior to 11.6

Vulnerable; migrate to 11(6).1

11.6

11.6(1)

 

CER

 

Emergency Responder Release

First Fixed Release for This Vulnerability

Prior to 10.5

Vulnerable; migrate to 10.5(1a) 

10.5

10.5(1a) (future release)1

11.0

Vulnerable; migrate to 11.5(4)

11.5

11.5(4)

12.0

12.0SU1

 

 

1The COP file ciscocm.cer_CSCvf64322.cop.sgn is available from the Software Center on Cisco.com.

 

 

FINESSE

 

Finesse Release

First Fixed Release for This Vulnerability

Prior to 11.6

Vulnerable; migrate to 11.6(1)

11.6

11.6(1)

 

 

HCMF

 

Hosted Collaboration Mediation Fulfillment Release

First Fixed Release for This Vulnerability 

Prior to 11.5

Vulnerable; migrate to 11.5(3)

11.5

11.5(3) 

 

 

MEDIASENSE

MediaSense Release

First Fixed Release for This Vulnerability 

Prior to 11.5

Vulnerable; migrate to 11.5SU2

11.5

11.5SU2

 

 

PRIME COLLABORATION ASSURANCE

Prime Collaboration Assurance Release

First Fixed Release for This Vulnerability 

Prior to 11.6

Vulnerable; migrate to 11.6 ES16

11.6

11.6 ES16

12.1

12.1 ES2

 

 

PRIME COLLABORATION PROVISONING

 

Prime Collaboration Provisioning Release

First Fixed Release for This Vulnerability 

Prior to 12.5

Vulnerable; migrate to 12.5

12.5

12.5

 

 

PRIME LICENSE MANAGER

 

Prime License Manager Release

First Fixed Release for This Vulnerability 

Prior to 10.5

Vulnerable; migrate to plm_10_5_2 - 10.5.2.13001-11

10.5

plm_10_5_2 - 10.5.2.13001-1

11.0

Vulnerable; migrate to plm_11_5_1 - 11.5.1.13001-11

11.5

plm_11_5_1 - 11.5.1.13001-1

 

 

SOCIAL MINER

 

SocialMiner Release

First Fixed Release for This Vulnerability 

Prior to 11.6

Vulnerable; migrate to 11.6.1

11.6

11.6.1

 

VIRTUALIZED VOICE BROWSER

 

Virtualized Voice Browser Release

First Fixed Release for This Vulnerability 

Prior to 11.6

Vulnerable; migrate to 11.6(1)

11.6

11.6(1)

 

 

Hope this helps!

Cheers
Rath!


***Please rate helpful posts***

 

 

 

 

 

Sue Fallon
Level 1
Level 1

Hi there

 

But where is the cop file mentioned in that doc. the only cop I could find is for CER. Do you have the cop file name ?

 

Hope this helps!

Cheers
Rath!


***Please rate helpful posts***

The link you sent me took me to the Emergency Responder 11.5 page with "cer" downloads dated 2017.

The file i am trying to get is the one Cisco has apparently released(June 2018) to fix this disk utilization bug.

What's the current version you are running now ?


Hope this Helps
Cheers
Rath!

***Please rate helpful posts***



Are you looking for this file
 
ciscocm.CSCvg22923-v1.2.k3.cop.sgn
 
 
COP file to address "CSCvg22923: CUCM unauthorized access vulnerability" on 10x to 12x systems.
 
 
 
 
Hope this Helps
Cheers
Rath!
 
***Please rate helpful posts***
 

11.5.1.12900-21

 
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: