
CUAdmin inaccessible after 10.5.2 upgrade

mbaker33
Level 1

I upgraded from 10.5.1 to 10.5.2b tonight and all went well, except when I attempt to go to the CUAdmin page, I am redirected to the CMPlatform page.  Is this a bug, or is there something I can do to resolve?

 

Thanks,

 

Mark

7 Replies

Aman Soi
VIP Alumni

Hi Mark,

 

Are you able to log in to other pages like Unified Reporting/Disaster Recovery and Cisco Unified Serviceability after you try the Administration page but get access to the OS Administration page?

 

I can find one bug, but I'm not sure whether it exactly relates to your issue.

CUCM Platform Vulnerable to CSRF Attack
CSCuo95791
Symptom:
A vulnerability in the web application of Cisco Unified Communications Manager which could allow an authenticated, local attacker to execute unwanted actions.

The vulnerability is due to Cross-Site Request Forgery. An attacker could exploit this vulnerability by tricking the user of a web application into executing an adverse action.

Conditions:
Web applications in the Cisco Unified Communications Manager have several pages that are vulnerable to CSRF attacks which can change settings. For example, uploading and deleting certificates, custom login messages and tftp files.
https://cucmserver/cmplatform/certificateUpload.do
https://cucmserver/cmplatform/certificateDelete.do
https://cucmserver/cmplatform/clmFileUpload.do
https://cucmserver/cmplatform/clmFileDelete.do
https://cucmserver/cmplatform/tftpFileUpload.do
https://cucmserver/cmplatform/tftpFLDeleteSelected.do
https://cucmserver/cmplatform/ssoAppConfigSave.do

Workaround:
NONE

 

regds,

aman

Hello Aman,

 

Yes, I am able to access all of the other sites, just not the CUAdmin site for some reason.

 

The bug you referenced doesn't seem to be a match.

 

Thanks,

 

Mark

Hi Mark,

 

I could not find any more info related to this issue. Suggest opening a TAC case.

 

regds,

aman

Thanks Aman,

 

I was thinking the same thing, but sometimes it's faster with a post here.

 

Thanks for your help,

 

Mark

Hi Mark,

 

Please do share the results, since I have never come across this issue.

 

regds,

aman

Hi Mark,

How many servers do you have in the cluster? Is it happening for all of them?

 

Can you check from the CLI, by running the command utils service list, the status of the below:

Cisco CallManager Admin

whether it is stopped or STARTED.

 

regds,

aman

Hi Aman,

 

I am on with TAC now and they suspect it is a bug, but it is an internal bug at the moment.  Disabling SSO allowed access to the admin page, however, Jabber SSO integration now is broken.  

 

They searched for a workaround, but there wasn't one at this time.  We will need to disable SSO during off hours in order to manage Unity users, and enable it again for Jabber to work properly.  

 

I am also under the impression that this may not be resolved until Unity 11 later in the summer.

 

Mark

 

Update: It appears that after disabling and enabling SSO, all works fine. Perhaps this is a good workaround for anyone looking to upgrade to 10.5.2 and run SSO.