Important Updates Required for Cisco Unified Communications Manager Versions 7.1 - 9.1

garethpeart
Level 3

Folks,

I recently received an email from our Cisco SE letting us know about a specific security hole in CUCM that I figured you might be interested in:

As your account team, we wanted to make you aware of an important update to Cisco Unified Communications Manager that addresses a security flaw discovered on June 6th. This flaw, if unpatched, could allow a remote attacker to gain access to your Communications Manager. Cisco has released a Cisco Options Package (COP) file for each of the affected versions to mitigate the vulnerability. The updated COP file, cmterm-CSCuh01051-2.cop.sgn, is available on CCO for download now and is located under the Utilities section of the software downloads page for each of the affected versions.

The full details of this vulnerability can be found in the security advisory page: cisco-sa-20130717-cucm - Multiple Vulnerabilities in Cisco Unified Communications Manager. If you have issues downloading the update file or questions about the vulnerability, please don't hesitate to contact your account team so we can assist you in getting access to this.

9 Replies

craigneeld
Level 1

Hey Gareth.

Reboot required after the install? Applied to all nodes in the cluster?

Regards,

C.

Yep. Applied to all servers and a reboot is required.

Gareth

Thanks Gareth!

Hi Craig,

From the ReadMe;

Installation Instructions:

As with any installation or upgrade, it is recommended that you apply this Update during off peak hours.

When applying this Update be advised that a clusterwide reboot is required.

This update must be installed on all machines in the cluster before the cluster is rebooted.

Installation to all machines in the cluster is required; you must start with the Publisher. After the Update has been applied to all servers you will need to reboot the entire cluster. See Rebooting the Cluster for detailed instructions.

This package will install on the following System Versions:

- 7.1.3.10000-xx or any higher version starting with 7.1.3.xxxxx
- 7.1.5.10000-xx or any higher version starting with 7.1.5.xxxxx
- 8.5.1.10000-xx or any higher version starting with 8.5.1.xxxxx
- 8.6.2.10000-xx or any higher version starting with 8.6.2.xxxxx
- 9.1.1.10000-xx or any higher version starting with 9.1.1.xxxxx

http://www.cisco.com/web/software/282204704/18582/ReadmeForBlindSQLinjectionCOPfile.pdf

Cheers!

Rob

Cheers Rob,

Couldn't find the ReadMe file!

Regards,

C.

Rob Huffman
Hall of Fame

Hi Gareth,

Thanks for posting up this info (+5) for passing this along to the community!

Cheers!

Rob

"Your life is worth much more than gold." 

- Bob Marley

Hi Craig,

You are most welcome my friend

Just for future reference, if you find the file on the Cisco downloads page & hover your mouse over the file it will give you access to the ReadMe etc.

Cheers!

Rob


One more question sorry guys.

Is the partition upgraded with the inactive being the same version without the patch?

C

Hi Craig,

Yes, this file will be installed on the Active partition and will not change anything on the Inactive partition.

Cheers!

Rob
