August 07, 2003
The restriction table is not applied to call transfer string in the personal communications assistant (PCA). This exposes Unity to toll fraud by allowing subscribers to enter transfer strings which have been explicitly disallowed. This problem is only seen in Unity 4.0(1) and 4.0(2). It is not in earlier versions of Unity. The problem is fixed in Unity 4.0(3), which will be available in September 2003.
The transfer restriction table is not applied to the transfer extension when a change of the value is requested. Enforcement of the restrictions from the table are not implemented.
A dbWalker 3.0.59 or later is posted to check all transfer, delivery and fax numbers against subscriber's current restriction tables and help characterize the exposure .
NOTE: This check is optional. It is not necessarily indicative of a problem when a transfer number or a delivery number of fax fails the restriction table check against a subscriber. This result may be due to having administrators with rights that are allowed to set strings for subscribers. For example in a help desk environment..
Go to Unity 4.0 on the Software Center and download the appropriate patch and instructions for the Unity version being fixed:
CiscoUnity4.0(1)_ES7.exe - patch for Unity 4.0(1)
CiscoUnity4.0.1_ES7Readme.txt - read me file for Unity 4.0(1)
CiscoUnity4.0(2)_ES19.exe - patch for Unity 4.0(2)
CiscoUnity4.0.2_ES19Readme.txt - read me file for Unity 4.0(2)
Until a patch is applied, customers can go through the System Administrator and disable the Class Of Service -> Licensed Feature -> Cisco Unity Assistant and prevent users from configuring the transfer extension.
To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.
Restriction Table is not applied to call transfer string in PCA
For More Information
If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods: