Fix for the Apache Struts2 Vulnerability on UCCX (CSCvd63322) – Posted to CCO

I rarely post twice in the same day and most if it is scheduled from days before, however, I thought this one was important. Cisco just released the following fix that looks to address/patch this vulnerability.

Here is the CCO Link to download and install the patch on your new and upgraded UCCX 11.5 servers

Here is the link to the readme (Not really much information on what the whole thing, but just the installation instructions)

What is the deal?
In the past few weeks, a vulnerability was discovered in software that uses Apache Struts2… I think it may not be right if I go and explain the whole thing because I might miss few important things, but basically, the vulnerability enables an attacker to perform a remote code execution on the server running it. I decided to add the link –> Follow this link (Talos) and don’t own that explanation 🙂

I was under the impression that UCCX was not affected as per the initial post does not list it as affected.

In case you want to know more about this vulnerability look at the Apache Website.

For more important vulnerability reports from Apache Struts 2 follow this link

Cisco Affected Software

Now talking more about all the Cisco products that are confirmed affected by the vulnerability. Please take a look at this link (CVE-ID CVE-2017-5638)

NewImage

What to look forward to?

I think is very important for us as Consultants, Engineers, Network/Voice Administrators, to look at the most recent UCCX 11.5 installations and install this patch on any of the affected software you may have running or installed in the previous months.

Last words?

Patch those servers!!

About the Author:

Andres Sarmiento, CCIE # 53520 (Collaboration)
With more than 13 years of experience, Andres is specialized in the Unified Communications and Collaboration technologies. Consulted for several companies in South Florida, also Financial Institutions on behalf of Cisco Systems. Andres has been involved in high-profile implementations including Cisco technologies; such as Data Center, UC & Collaboration, Contact Center Express, Routing & Switching, Security and Hosted IPT Service provider infrastructures.

You can follow Andres using Twitter, LinkedIn or Facebook

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s