There is another document:

glenn.newman · ‎04-25-2017

This is a denial-of-service through SIP traffic. I am guessing that Unity doesn't use SIP and isn't vulnerable.

I see that the upgrade file (UCSInstall_UCOS_10.5.2.15900-8.sgn.iso) is the same for CM and Unity. I saw in one of the docs that this file upgrades OS files and that makes sense by the size of it which is 5GB.

We are doing a minor upgrade from 10.5.2.13901-2. Do you use the same file for both upgrades? If CM is getting upgraded to this version, is the recommendation to also upgrade Unity Connection?

Jitender Bhandari · ‎04-25-2017

Hi Glenn,

You can upgrade you CUCM and Unity with the same ISO that's correct, but if you don't want to upgrade Unity it is still fine. Any version above Unity 8.x would be supported with CUCM 10.5.X

(Rate if it helps)

JB

44golf58 · ‎05-05-2017

Before I open a TAC case for the question... Our CUCM is version 10.5.2.11900-3, and is not listed in Known Affected or Known Fixed releases for the Bug. Anyone else run into this? thanks.

Joe Price · ‎05-16-2017

There is another document: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

It explains that all versions prior to the first fixed release are affected. The first fix releases are the following:

10.5.2.14900-16
11.0.1.23900-5
11.5.1.12900-21

In a nut shell your version is affected and you will need to upgrade. I would upgrade to the latest version of 10.5 at the least.

Please rate helpful posts :)

Upgrade requirements for Call Mgr and Unity Connection for bug CSCuz72455