Guest

Cisco Unity

Unity 4.0(1) and 4.0(2) Restriction Table is Not Applied to Call Transfer String in Personal Communications Assistant(PCA)


August 07, 2003



Products Affected

  • Unity 4.0(1)

  • Unity 4.0(2)

Problem Description

The restriction table is not applied to call transfer string in the personal communications assistant (PCA). This exposes Unity to toll fraud by allowing subscribers to enter transfer strings which have been explicitly disallowed. This problem is only seen in Unity 4.0(1) and 4.0(2). It is not in earlier versions of Unity. The problem is fixed in Unity 4.0(3), which will be available in September 2003.

Background

The transfer restriction table is not applied to the transfer extension when a change of the value is requested. Enforcement of the restrictions from the table are not implemented.

Problem Symptoms

A dbWalker 3.0.59 or later is posted to check all transfer, delivery and fax numbers against subscriber's current restriction tables and help characterize the exposure .

NOTE: This check is optional. It is not necessarily indicative of a problem when a transfer number or a delivery number of fax fails the restriction table check against a subscriber. This result may be due to having administrators with rights that are allowed to set strings for subscribers. For example in a help desk environment..

Workaround/Solution

Go to Unity 4.0 on the Software Center and download the appropriate patch and instructions for the Unity version being fixed:

  • CiscoUnity4.0(1)_ES7.exe - patch for Unity 4.0(1)

  • CiscoUnity4.0.1_ES7Readme.txt - read me file for Unity 4.0(1)

  • CiscoUnity4.0(2)_ES19.exe - patch for Unity 4.0(2)

  • CiscoUnity4.0.2_ES19Readme.txt - read me file for Unity 4.0(2)

Until a patch is applied, customers can go through the System Administrator and disable the Class Of Service -> Licensed Feature -> Cisco Unity Assistant and prevent users from configuring the transfer extension.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS

Description

CSCeb30463 (registered customers only)

Restriction Table is not applied to call transfer string in PCA

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: