Field Notice: FN - 72166 - BroadWorks Servers Prepatched with ap378332 Might Have Sudoers Permissions Issues - Software Upgrade Recommended

Available Languages

Updated:May 3, 2021
Document ID:FN72166

Bias-Free Language

The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.

Notice

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.

Revision History

Revision Publish Date Comments
1.0
24-Apr-21
Initial Release

Products Affected

Affected OS Type Affected Software Product Affected Release Affected Release Number Comments
NON-IOS
Application Patches
22.0
22.0.2021.03
Cisco BroadWorks Release 22.
NON-IOS
Application Patches
23.0
23.0.2021.03
Cisco BroadWorks Release 23.
NON-IOS
Application Patches
24.0
24.0.2021.03
Cisco BroadWorks Release 24.

Defect Information

Defect ID Headline
CSCvx32766 BEMS01198747 Verizon Security Scan Issues with BW SUDOERS Configuration on XSP

Problem Description

After Cisco BroadWorks servers are prepatched with ap378332, scripts and tasks that rely on the sudoers file might fail to execute as expected.

Background

When a Cisco BroadWorks server is prepatched with any of these patches, the system will fail to correctly execute tasks and scripts that rely on the sudoers file until a sudo password is provided.

  • AP.platform.22.0.1123.ap378332
  • AP.platform.23.0.1075.ap378332
  • AP.as.24.0.944.ap378332

Problem Symptom

Customers might notice that basic monitoring scripts, such as healthmon, do not execute as expected and prompt for a sudo password in order to continue.

Workaround/Solution

Workaround

If the patch was applied on a running release (not through a prepatch), then no further action is required.

For customers that have already prepatched their servers and experience the sudoers issue, it is recommended to not remove the patch and instead execute this script in order to correct the issue:

sudo /usr/local/broadworks/bw_base/sbin/update_sudoers.pl

Solution

These Cisco BroadWorks patches have been rereleased to include a fix that prevents this issue. Customers who have already prepatched their servers are advised to remove the old patch and reapply the patch using the rereleased version.

Release 22

Release 23

Release 23

BroadWorks patches can be downloaded through the Cisco Software Download Center after logging in with your Cisco.com (CCO) account.

The version of BroadWorks that is currently deployed as well as the patches currently activated can be checked by executing the get versions all command from the CLI. More information on how to check the patch level can be found in the Cisco BroadWorks Maintenance Guide.

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

My Notifications—Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.

Was this Document Helpful?

FeedbackFeedback

Contact Cisco

This Document Applies to These Products