This is a denial-of-service through SIP traffic. I am guessing that Unity doesn't use SIP and isn't vulnerable.
I see that the upgrade file (UCSInstall_UCOS_10.5.2.15900-8.sgn.iso) is the same for CM and Unity. I saw in one of the docs that this file upgrades OS files and that makes sense by the size of it which is 5GB.
We are doing a minor upgrade from 10.5.2.13901-2. Do you use the same file for both upgrades? If CM is getting upgraded to this version, is the recommendation to also upgrade Unity Connection?
You can upgrade you CUCM and Unity with the same ISO that's correct, but if you don't want to upgrade Unity it is still fine. Any version above Unity 8.x would be supported with CUCM 10.5.X
(Rate if it helps)
Before I open a TAC case for the question... Our CUCM is version 10.5.2.11900-3, and is not listed in Known Affected or Known Fixed releases for the Bug. Anyone else run into this? thanks.
There is another document: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170419-ucm
It explains that all versions prior to the first fixed release are affected. The first fix releases are the following:
In a nut shell your version is affected and you will need to upgrade. I would upgrade to the latest version of 10.5 at the least.
Please rate helpful posts :)