This document provides installation instructions for ICM10.5(3) ES5. It also contains a list of ICM issues resolved by this engineering special. Please review all sections in this document pertaining to installation before installing the product. Failure to install this engineering special as described may result in inconsistent ICM behavior.
This document contains these sections:
The Product
Alert Tool offers you the ability to set up one or more profiles that will
enable you to receive email notification of new Field Notices, Product Alerts
or End of Sale information for the products that you have selected.
The Product
Alert Tool is available at http://www.cisco.com/cgi-bin/Support/FieldNoticeTool/field-notice
This ES patch resolves security
vulnerability (CVE-2017-5638) in the websetup application
all ICM / CCE servers including admin client setup in client machines by
upgrading struts to version 2.3.32.
One would need to stop all ICM /
CCE services running on the server, before proceeding with patch installation.
Since this patch contains a fix
only for the websetup application, there shouldn’t be
a need to have a contact center downtime.
ICM 10.5(3)
Installation of this patch requires the all ICM services to be shut down during the entire period of installation. It is always recommended to install this ES during a scheduled downtime.
·
Using
the ICM Service Control, stop all the ICM services running on the system.
·
Launch
the Installer provided for ES5 and follow the instructions on the screen.
·
Using
the ICM Service Control, start all ICM services again.
To uninstall this patch, go to Control Panel. Select "Add or Remove Programs". Find the installed patch in the list and select "Remove".
Note: Patches have to be removed in the reverse order in which they were installed. For example, if you had installed patches 3, then 5, then 10 for a product, you will need to uninstall patches 10, 5 and 3 in that order to remove all patches for that product.
This section provides a list of significant ICM defects resolved by this engineering special. It contains these subsections:
Note: You can view more information on and track individual ICM defects using the Cisco Bug Toolkit located at: http://www.cisco.com/support/bugtools/Bug_root.html
This section lists caveats specifically resolved by ICM10.5(3) ES5.
Caveats in this section are ordered by ICM component, severity, and then
identifier.
Be sure to include ALL of the resolved caveats for the files you're delivering,
i.e. all of the caveats from the release notes of the previous ES which included
these files.
Identifier |
Severity |
Component |
Headline |
CSCvd51210 |
1 |
web.setup |
Evaluation
of icm for struts2-jakarta |
Caveats are ordered by severity then defect number.
Be sure to include ALL of the resolved caveats for the files you're delivering,
i.e. all of the caveats from the release notes of the previous ES which
included these files.
Defect Number: CSCvd51210
Component: web.setup
Severity: 1
Headline: Evaluation of icm for struts2-jakarta
Symptom:
This product includes a version of Apache Struts2 that is affected by the
vulnerability identified by one or more of the following Common Vulnerability
and Exposures (CVE) IDs: CVE-2017-5638 And disclosed in
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170310-struts2
This bug has been opened to address the potential impact on this product. Cisco
has confirmed that this product is impacted. Refer to the fixed version field
for information about fixed release
Conditions: Exposure is not configuration dependent.
Workaround: None
Further Problem Description: PSIRT Evaluation: The Cisco PSIRT has
assigned this bug the following CVSS version 3 score. The Base CVSS score as of
the time of evaluation is: 9.8 https://tools.cisco.com/security/center/cvssCalculator.x?version=3&vector=CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:U/CR:L/IR:L/AR:L/MAV:L/MAC:L/MPR:N/MUI:R/MS:U/MC:N/MI:N/MA:N
The following sections provide sources for obtaining documentation from Cisco Systems.
You can access the most current Cisco documentation on the World Wide Web at the following sites:
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Cisco documentation is available in the following ways:
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Attn Document Resource Connection
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to: http://www.cisco.com
The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website: http://www.cisco.com/tac
P3 and P4 level problems are defined as follows:
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to the following website: http://www.cisco.com/register/
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website: http://www.cisco.com/tac/caseopen
If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
P1 and P2 level problems are defined as follows: