(I)IoT Security News
Critical vulnerabiliities, Cyber Security, IoT Security, News, Vulnerabilities

Cisco Unified Communications Products Remote Code Execution Vulnerability

Cisco Unified Communications Products Remote Code Execution Vulnerability

Summary

Affected Products

Products Confirmed Not Vulnerable

Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

Cisco has confirmed that this vulnerability does not affect the following Cisco products:

Workarounds

Additionally, follow the best practices that are described in the latest Security Guide for Cisco Unified Communications Manager or the latest Security Guide for Cisco Unified ICM/Contact Center Enterprise.

While this mitigation has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.

Fixed Software

Customers Without Service Contracts

Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

Fixed Releases

In the following tables, the left column lists Cisco software releases. The right column indicates whether a release is affected by the vulnerability that is described in this advisory and the first release that includes the fix for this vulnerability. Customers are advised to upgrade to an appropriate fixed software release as indicated in this section.

Unified CM and Unified CM SME: CSCwd64245

The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information that is documented in this advisory.

Source:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm

Related posts

AVEVA System Platform (Update A)

(I) IoT
3 years ago

Schneider Electric Zelio Soft 2

(I) IoT
6 years ago

GE Communicator

(I) IoT
6 years ago
Exit mobile version