cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
142
Views
5
Helpful
3
Replies
Highlighted
Beginner

Upgrade requirements for Call Mgr and Unity Connection for bug CSCuz72455

This is a denial-of-service through SIP traffic.  I am guessing that Unity doesn't use SIP and isn't vulnerable.  

I see that the upgrade file (UCSInstall_UCOS_10.5.2.15900-8.sgn.iso) is the same for CM and Unity.  I saw in one of the docs that this file upgrades OS files and that makes sense by the size of it which is 5GB.  

We are doing a minor upgrade from 10.5.2.13901-2.  Do you use the same file for both upgrades?  If CM is getting upgraded to this version, is the recommendation to also upgrade Unity Connection?

3 REPLIES 3
Highlighted
Cisco Employee

Hi Glenn,

You can upgrade you CUCM and Unity with the same ISO that's correct, but if you don't want to upgrade Unity it is still fine. Any version above Unity 8.x would be supported with CUCM 10.5.X

(Rate if it helps)

JB

Highlighted

Before I open a TAC case for the question... Our CUCM is version 10.5.2.11900-3, and is not listed in Known Affected  or  Known Fixed releases for the Bug.   Anyone else run into this?  thanks.

Highlighted

There is another document:  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm

It explains that all versions prior to the first fixed release are affected.  The first fix releases are the following:

  • 10.5.2.14900-16
  • 11.0.1.23900-5
  • 11.5.1.12900-21

In a nut shell your version is affected and you will need to upgrade.  I would upgrade to the latest version of 10.5 at the least. 

Please rate helpful posts :)

Content for Community-Ad