
Cisco Unified Communications Manager Cross-Site Scripting Vulnerability

Gilmar Silva
Level 1

Hello Community,


A customer is concerned about a security advisory (link below), but the related bug (CSCvf79346) is not accessible in the bug search tool.


https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20171129-cucm.html?dtid=osscdc000283

Does anyone know if version 10.5.2.12900-14 is affected (or if it already has a fixed release)?

Thank you,

Gilmar Silva

Accepted Solutions

Jaime Valencia
Cisco Employee

The bug does have a lot more info, however, as it's not publicly available, you'd need to reach out to your SE or open a TAC so more information can be shared with you about this.

HTH

java

if this helps, please rate

4 Replies

Thank you Jaime.


The TAC Engineer said they are expecting this bug will be fixed in the version 10.5.2 SU7 (that is not released yet).


Regards,


Gilmar Silva

r.barber
Level 1

This has just been broadcast out to all UK government orgs so has become high profile. Does anyone actually know which area of CUCM this vulnerability is for and what are the conditions that would allow the attacker to exploit this?


The PSIRT the OP posted explains part of what you're asking. The bug has more info, but it remains internal; you'll also need to get in touch with your SE/AM until the PSIRT is updated or the bug is made public.

HTH

java

if this helps, please rate