Cisco has released software updates that address this vulnerability
for all the affected products except Cisco Business Edition 3000. Cisco
Business Edition 3000 customers should contact their Cisco representative for
When considering software upgrades, customers are advised to consult the Cisco Security Advisories and Responses archive at http://www.cisco.com/go/psirt and review subsequent advisories to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
The following table provides the first fixed release for each of the affected products:
||First Fixed Release
|| 126.96.36.1993-6, 188.8.131.525-4, 184.108.40.2068-6, 220.127.116.11-9, 18.104.22.168-4, 22.214.171.124-4 and 126.96.36.1999
|Cisco Business Edition 3000
|| Not available - Please contact Cisco TAC or your Cisco representative for available options
|Cisco Unified SIP Proxy
|Cisco MXE 3500 Series
|| 3.3.2 and apply StrutsPatch.zip
|Cisco Unified CCE and Cisco PCCE
|10.5(1), 8.5(4)ES37, 9.0(4)ES39, 9.0(3)ES13, 10.0(1)ES10, and 10.0(2)
: The Engineering Special patch releases for Cisco Unified CCE are available at the following links:
Cisco ISE is affected by additional vulnerabilities that are described in the Cisco Security Advisory at the following link:
Cisco ISE customers should consult that advisory before making a decision on the upgrade path.