This document provides installation instructions for ICM10.5(3) ES24. It also contains a list of ICM issues resolved by this engineering special. Please review all sections in this document pertaining to installation before installing the product. Failure to install this engineering special as described may result in inconsistent ICM behavior.
This document contains these sections:
The Product Alert Tool offers you the ability to set up one or more profiles that will enable you to receive email notification of new Field Notices, Product Alerts or End of Sale information for the products that you have selected.
The Product Alert Tool is available at http://www.cisco.com/cgi-bin/Support/FieldNoticeTool/field-notice
This ES patch resolves security vulnerabilities (CVE-2017-12611, CVE-2017-9805, CVE-2017-9804, CVE-2017-9793) in the websetup application on all ICM / CCE servers, including Admin Client machines, by upgrading Struts to version 2.3.34.
All ICM / CCE services running on the server must be stopped before proceeding with patch installation.
Since this patch contains a fix only for the websetup application, there shouldn’t be a need for contact center downtime. For instance, if you were installing this patch on a duplexed Router server, you could bring one side down, apply the ES and then restart the Router service again after reboot, to resume duplexed operation. Once duplexed operation resumes, the other side of the Router can have the patch applied.
10.5(3)
· Using the ICM Service Control, stop all the ICM services running on the system.
· Launch the Installer provided for ES24 and follow the instructions on the screen.
· Using the ICM Service Control, start all ICM services again.
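Once the services are running again, one way to confirm that the Struts upgrade took effect is to inventory the struts2-core JARs on the server and compare each against 2.3.34. The PowerShell script below is an added example, not part of the Cisco patch or its documentation; `$Root` is a placeholder because this page does not state the websetup install path, and the script assumes PowerShell 3.0 or later with .NET 4.5.

```powershell
# Added example (not Cisco code): list every struts2-core JAR under $Root and
# report whether it is at least the version this ES delivers (2.3.34).
# $Root is a placeholder; the page does not give the websetup install path.
param(
    [Parameter(Mandatory = $true)][string]$Root,
    [version]$Minimum = '2.3.34'
)

Add-Type -AssemblyName System.IO.Compression.FileSystem

function Get-JarManifestVersion {
    param([string]$JarPath)
    # A JAR is a ZIP archive; its version is recorded in META-INF/MANIFEST.MF.
    $zip = [System.IO.Compression.ZipFile]::OpenRead($JarPath)
    try {
        $entry = $zip.GetEntry('META-INF/MANIFEST.MF')
        if (-not $entry) { return $null }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
        if ($text -match '(?m)^(?:Implementation|Bundle)-Version:\s*(\d+(?:\.\d+)+)') {
            return [version]$Matches[1]
        }
        return $null
    } finally { $zip.Dispose() }
}

Get-ChildItem -Path $Root -Recurse -Filter 'struts2-core*.jar' -File | ForEach-Object {
    $ver = Get-JarManifestVersion -JarPath $_.FullName
    # Fall back to the file name (e.g. struts2-core-2.3.34.jar) when the
    # manifest carries no version line.
    if (-not $ver -and $_.BaseName -match '(\d+(?:\.\d+)+)$') { $ver = [version]$Matches[1] }

    if (-not $ver) { $status = 'UNKNOWN' }
    elseif ($ver.Major -ne 2 -or $ver.Minor -ne 3) { $status = 'NOT 2.3.x, REVIEW MANUALLY' }
    elseif ($ver -ge $Minimum) { $status = 'OK' }
    else { $status = "BELOW $Minimum" }

    [pscustomobject]@{ Path = $_.FullName; Version = $ver; Status = $status }
}
```

Any row whose status is not `OK` points at a copy of Struts that the patch did not replace, for example a leftover backup or a second web application on the same server.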
To uninstall this patch, go to Control Panel. Select "Add or Remove Programs". Find the installed patch in the list and select "Remove".
Note: Patches have to be removed in the reverse order in which they were installed. For example, if you had installed patches 3, then 5, then 10 for a product, you will need to uninstall patches 10, 5 and 3 in that order to remove all patches for that product.
This section provides a list of significant ICM defects resolved by this engineering special. It contains these subsections:
Note: You can view more information on and track individual ICM defects using the Cisco Bug Toolkit located at: http://www.cisco.com/support/bugtools/Bug_root.html
This section lists caveats specifically resolved by ICM10.5(3) ES24. Caveats in this section are ordered by ICM component, severity, and then identifier.
Be sure to include ALL of the resolved caveats for the files you're delivering, i.e. all of the caveats from the release notes of the previous ES which included these files.
Identifier | Severity | Component | Headline
CSCvf86098 | 2 | web.setup | Evaluation of positron for Struts2 Sep-17 Vulnerabilities
CSCvf86143 | 2 | deployment | Evaluation of hcs_cc for Struts2 Sep-17 Vulnerabilities
CSCvf89964 | 2 | web.setup | Evaluation of icm for Struts2 Sept17 batch 2 vulnerability
CSCvf90001 | 2 | deployment | Evaluation of hcs_cc for Struts2 Sept17 batch 2 vulnerability
Caveats are ordered by severity then defect number.
Defect Number: CSCvf86098
Component: web.setup
Severity: 2
Headline: Evaluation of positron for Struts2 Sep-17 Vulnerabilities
$$IGNORE-PSIRT CISCO HIGHLY CONFIDENTIAL - CONTROLLED ACCESS
This issue is under review by the Cisco Product Security Incident Response team
(PSIRT). The defect describes a product security vulnerability. Its contents
must be protected from unauthorized disclosure, both internal and external to
Cisco. Do not forward this information to mailing lists or newsgroups.
Documentation writers: it is prohibited to publish this Release-note Enclosure
(RNE) until the content has been approved by PSIRT. PSIRT may publish a
Security Advisory regarding this defect, and the current text of this RNE will
be replaced with appropriate information. In the event that a Security Advisory
is not published, PSIRT will replace this text with an appropriate explanation.
More information on PSIRT is available at http://psirt.cisco.com/. Cisco's
public policy on security vulnerability handling can be reviewed at
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html.
For further information, send a message to psirt@cisco.com.
Symptom:
Conditions:
Workaround:
Further Problem Description:
Defect Number: CSCvf86143
Component: deployment
Severity: 2
Headline: Evaluation of hcs_cc for Struts2 Sep-17 Vulnerabilities
Symptom:
Conditions:
Workaround:
Further Problem Description:
Defect Number: CSCvf89964
Component: web.setup
Severity: 2
Headline: Evaluation of icm for Struts2 Sept17 batch 2 vulnerability
Symptom:
Conditions:
Workaround:
Further Problem Description:
Defect Number: CSCvf90001
Component: deployment
Severity: 2
Headline: Evaluation of hcs_cc for Struts2 Sept17 batch 2 vulnerability
Symptom:
Conditions:
Workaround:
Further Problem Description:
The following sections provide sources for obtaining documentation from Cisco Systems.
You can access the most current Cisco documentation on the World Wide Web at the following sites:
Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.
Cisco documentation is available in the following ways:
If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.
You can e-mail your comments to bug-doc@cisco.com.
To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:
Attn Document Resource Connection
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-9883
We appreciate your comments.
Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.
Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at any time, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
To access Cisco.com, go to: http://www.cisco.com
The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website: http://www.cisco.com/tac
P3 and P4 level problems are defined as follows:
In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.
To register for Cisco.com, go to the following website: http://www.cisco.com/register/
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website: http://www.cisco.com/tac/caseopen
If you have a priority level 1 (P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml
P1 and P2 level problems are defined as follows: