Hello, my customer has several Cisco Unity Express nodes running on Cisco ISR routers, and they've found some vulnerabilities for the, which are:
- SSH Protocol Version 1 Session Key Retrieval
- Apache Tomcat 6.x < 6.0.35 Multiple Vulnerabilities
- Apache Tomcat 6.0.x < 6.0.44 Multiple Vulnerabilities (FREAK)
- OpenNMS Java Object Deserialization RCE
- Apache Tomcat 6.0.x < 6.0.48 / 7.0.x < 7.0.73 / 8.0.x < 8.0.39 / 8.5.x < 8.5.8 / 9.0.x < 9.0.0.M13 Multiple Vulnerabilities
- Apache Tomcat SEoL (<= 5.5.x)
- Apache Tomcat SEoL (6.0.x)
CUE version is 9.0.0 which is too old and is end of support.
Does anybody know of some workaround or fix for that?
Thank you.