Multiple vulnerabilities found for Cisco Unity Express

dgonzalez1 · ‎11-24-2023

Hello, my customer has several Cisco Unity Express nodes running on Cisco ISR routers, and they've found some vulnerabilities for the, which are:

- SSH Protocol Version 1 Session Key Retrieval
- Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities
- Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)
- OpenNMS Java Object Deserialization RCE
- Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities
- Apache Tomcat SEoL (<= 5.5.x)
- Apache Tomcat SEoL (6.0.x)

CUE version is 9.0.0 which is too old and is end of support.

Does anybody know of some workaround or fix for that?

Thank you.

Kasun Bandara · ‎11-24-2023

@dgonzalez1 Hi, them CUE version 9 is quite old and EOL. You need to implement a new solution on this case.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB