This vulnerability affects the following Cisco Voice Operating System (VOS)–based products when they have been upgraded by using the refresh upgrade (RU) method or migrated by using the Prime Collaboration Deployment (PCD) method:
- Cisco Unified Communications Manager (UCM)
- Cisco Unified Communications Manager Session Management Edition (SME)
- Cisco Emergency Responder
- Cisco Unity Connection
- Cisco Unified Communications Manager IM and Presence Service (IM&P; earlier releases were known as Cisco Unified Presence)
- Cisco Prime License Manager
- Cisco Hosted Collaboration Mediation Fulfillment
- Cisco Unified Contact Center Express (UCCx)
- Cisco SocialMiner
- Cisco Unified Intelligence Center (UIC)
- Cisco Finesse
- Cisco MediaSense
The PCD migration method affects only Cisco UCM, SME, and IM&P.
Determining the Upgrade or Migration Method
The Cisco VOS-based products identified in the preceding vulnerable products list are affected by this vulnerability if they were refresh upgraded or migrated by using the PCD methods. Note that a VOS-based product must go through a refresh upgrade if the underlying operating system is also being upgraded to a new major release.
If the VOS-based product was standard upgraded to an Engineering Special, service update, or a new major release of the affected product that does not require major upgrades to the underlying operating system, this vulnerability will be remediated by that standard upgrade action.
Refresh Upgrade Method Verification
To verify whether the product has been exposed to the vulnerability by the refresh upgrade method, issue the following command at the CLI to view the system-history.log file:
admin: file view install system-history.log
The following example shows a refresh upgrade entry in the system-history.log file:
02/28/2013 14:56:05 | root: Upgrade (refresh) 10.0.0.97016-27 Success
The following example shows a standard upgrade entry in the system-history.log file:
10/13/2017 18:56:07 | root: Upgrade 12.0.1.20000-3 Success
PCD Migration Method Verification
To verify whether the product has been exposed to this vulnerability by the PCD migration method, issue the following command at the CLI to view the install.log file:
admin: file view install install.log
The following example shows a PCD migration log entry in the install.log file:
10/16/2017 13:59:13 post_install|Starting post_install processing - VOS_INSTALL_CONTEXT = M1|<:info/>
The following example shows a normal fresh install log entry in the install.log file:
08/15/2011 08:56:03 post_install|Starting post_install processing - VOS_INSTALL_CONTEXT = install|<:info/>
Underlying Operating System Upgraded to a New Major Release
A VOS-based product will undergo a refresh upgrade if the underlying operating system is also upgraded to a new major release.
The following examples show major operating system releases that are associated with major affected product releases:
Cisco UCM, Cisco Unity Connection, and Cisco Unified Presence Server/Cisco IM&P Major Release | Operating System Major Release |
---|---|
8.6 | RHEL 5 Update 5 |
9.x | RHEL 5 Update 7 |
10.x | RHEL 6 Update 2 |
11.x | RHEL 6 Update 5 |
12.x | CentOS 6 Update 6 |
Because an upgrade from RHEL 6 to CentOS 6 is not considered a major operating system release change, product updates between these operating system releases will use the standard upgrade method.
Prime Collaboration Deployment Cluster Migration
Prime Collaboration Deployment is a free application that is designed to assist in the management of various Cisco Unified Communications applications. The PCD migrate cluster task is supported only for the following Cisco products and only for certain cluster migration destination versions:
- UCM destination version 10.x, 11.0(1), 11.5(x), 12.0(1)
- IM&P destination version 10.x, 11.0(1), 11.5(x), 12.0(1)
Refer to the product documentation for information about specific upgrade and migration methods.
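The two log checks described above, combined into one offline classifier that also accounts for remediation by a later standard upgrade. This is an added example, not code from Cisco or the advisory; the function names, the three status labels, and the sample logs (assembled from the entries quoted above) are assumptions, and it treats any later successful standard upgrade entry as the remediating action the advisory describes.

```python
import re
from datetime import datetime

TS = r"(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})"
FMT = "%m/%d/%Y %H:%M:%S"
# Line shapes copied from the advisory's examples; other log lines are ignored.
HISTORY_RE = re.compile(TS + r" \| root: Upgrade (?P<refresh>\(refresh\) )?(?P<ver>\S+) Success\s*$")
CONTEXT_RE = re.compile(TS + r" post_install\|.*VOS_INSTALL_CONTEXT = (?P<ctx>\w+)\|")


def timeline(history_text, install_text):
    """Return time-sorted (time, kind, detail) events relevant to the advisory."""
    events = []
    for line in history_text.splitlines():
        m = HISTORY_RE.match(line.strip())
        if m:
            kind = "refresh-upgrade" if m["refresh"] else "standard-upgrade"
            events.append((datetime.strptime(m["ts"], FMT), kind, m["ver"]))
    for line in install_text.splitlines():
        m = CONTEXT_RE.match(line.strip())
        # The advisory shows M1 for a PCD migration and "install" for a fresh install.
        if m and m["ctx"] == "M1":
            events.append((datetime.strptime(m["ts"], FMT), "pcd-migration", m["ctx"]))
    return sorted(events)


def assess(history_text, install_text):
    """Classify a node as 'exposed', 'remediated' or 'not-exposed'."""
    status = "not-exposed"
    for _, kind, _ in timeline(history_text, install_text):
        if kind in ("refresh-upgrade", "pcd-migration"):
            status = "exposed"
        elif status == "exposed":
            # Per the advisory, a later standard upgrade remediates the exposure.
            status = "remediated"
    return status


# Constructed sample logs built from the entries quoted in the advisory.
HISTORY = """\
02/28/2013 14:56:05 | root: Upgrade (refresh) 10.0.0.97016-27 Success
10/13/2017 18:56:07 | root: Upgrade 12.0.1.20000-3 Success
"""
INSTALL_PCD = "10/16/2017 13:59:13 post_install|Starting post_install processing - VOS_INSTALL_CONTEXT = M1|<:info/>\n"
INSTALL_FRESH = "08/15/2011 08:56:03 post_install|Starting post_install processing - VOS_INSTALL_CONTEXT = install|<:info/>\n"

if __name__ == "__main__":
    print(assess(HISTORY, INSTALL_FRESH), assess(HISTORY, INSTALL_PCD))
```

Pass it the text of both logs from each node; a node that reports exposed has had no successful standard upgrade since its last refresh upgrade or PCD migration.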
Determining the Current Software Release for the Cisco Unified Platform
The following Cisco products run on the Cisco Unified platform:
- Unified Communications Manager
- Unified Communications Manager Session Management Edition
- Emergency Responder
- Unity Connection
- Unified Communications Manager IM and Presence Service
- Prime License Manager
- Hosted Collaboration Mediation Fulfillment
To determine which Cisco VOS-based product software release is running on the Cisco Unified platform, an administrator can issue the show version active command at the CLI.
In the following example, the software release is 11.5.1.10000-86.
ciscocm: show version active
Active Master Version: 11.5.1.10000-86
An administrator can use the user interface to determine which Cisco VOS-based product software release is running:
- Log in to the web-based interface
- Click the Help menu
- Click About to view the system software release
Determining the Current Software Release for the Cisco Contact Center Platform
The following Cisco products run on the Cisco Contact Center platform:
- Unified Contact Center Express
- SocialMiner
- Unified Intelligence Center
- Finesse
- MediaSense
To determine which Cisco VOS-based product software release is running on the Contact Center platform, an administrator can issue the show version active command at the CLI.
In the following example, the software release is 11.5.1.10000-86.
admin: show version active
Active Master Version: 11.5.1.10000-86
An administrator can use the user interface to determine which Cisco Contact Center platform–based product software release is running:
- Log in to the Contact Center Express server
- Go to the Cisco Unified Communications operating system administration window
- Choose Show > Software
No other Cisco products are currently known to be affected by this vulnerability.
Cisco has confirmed that this vulnerability does not affect the following products:
- Cisco Identity Service (IdS) 11.5 and 11.6
- Cisco Prime Collaboration Deployment
- Cisco Prime Collaboration Provisioning
- Cisco Prime Collaboration Assurance
- Cisco Virtualized Voice Browser
from Cisco Security Advisory http://ift.tt/2hu2xlh