This document provides installation instructions
for Unified CCE 11.6(1) ES58. It also contains a list of Unified CCE issues
resolved by this engineering special. Review all installation information
before installing the product. Failure to install this engineering special as
described can result in inconsistent Unified CCE behavior.
This document contains these sections:
In the Product
Alert Tool, you can set up profiles to receive email notification of
new Field Notices, Product Alerts, or End of Sale information for your selected
products.
The Product
Alert Tool is available at https://www.cisco.com/cisco/support/notifications.html.
If your
system has ES41 installed, remove it before installing this ES.
Whitelisting has been introduced
for shindig requests in PCCE. The below vulnerabilities are resolved in this
patch -
·
Cross-Site scripting
·
Phishing through Remote file inclusion
·
Phishing through frames
· Authentication Bypass Using HTTP Verb Tampering
·
Cross-Site Request Forgery
This section lists the Unified CCE components on
which you can and cannot install this engineering special.
You can install Unified CCE 11.6(1) ES58 on
these Unified CCE components:
Do not install this engineering special on the
following components:
1. Download
the CCE 11.6(1) ES58 from CCO.
2. Copy the patch local to the
server where it needs to be installed.
3. Stop all UCCE application
running in the UCCE Server.
4. Run the Installer.
5. Reboot the server after
successful installation.
6. Start all the UCCE services
1. Stop
all UCCE application running in the UCCE Server.
2. To
uninstall this patch, go to Control Panel. Select "Add or Remove
Programs". Find the installed patch in the list and select
"Remove".
3. Reboot
the server.
4. Start
all the UCCE services
Note: Remove patches in
the reverse order of their installation. For example, if you installed patches
3, then 5, then 10 for a product, you must uninstall patches 10, 5, and 3, in
that order, to remove the patches from that product.
This section provides a list of significant
Unified CCE defects resolved by this engineering special. It contains these
subsections:
Note: You can view more
information on and track individual Unified CCE defects using the Cisco Bug
Search tool, located at: https://bst.cloudapps.cisco.com/bugsearch/search?null.
This section lists caveats specifically resolved
by Unified CCE 11.6(1) ES58.
Caveats in this section are ordered by UNIFIED
CCE component, severity, and then identifier.
The primary fix
for ES58 is as mentioned below -
|
Identifier |
Severity |
Component |
Headline |
|
CSCvi88426 |
2 |
web.config.ui |
ICM 11.6 - CCEAdmin -
Vulnerabilities - BAVA Scan |
Caveats are ordered by severity then defect
number.
Defect Number: CSCvi88426
Component: web.config.ui
Severity: 2
Headline: Multiple
Vulnerabilities in Cisco Packaged Contact Center Enterprise
<B>
Symptom:</B> Multiple vulnerabilities in the web-based
management interface of Cisco Packaged Contact Center Enterprise could allow an
unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks
against a user of the interface or conduct a cross-site request forgery (CSRF)
attack. For more information about these vulnerabilities, see the Details
section of the advisory. There are no workarounds that address these
vulnerabilities. This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-pcce
<B>
Conditions:</B> Please refer to the advisory. <B>
Workaround:</B> Please refer to the advisory. <B>
Further Problem Description:</B> None PSIRT Evaluation: The Cisco
PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS
score as of the time of evaluation is 6.1:
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE ID CVE-2018-0444, CVE-2018-0445 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at
the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
|
Identifier |
Severity |
Component |
Headline |
||
|
CSCvf89574 |
6 |
aw.tools |
Multiple Supervisors per Person Configuration Support |
||
|
CSCvf86098 |
2 |
web.setup |
Evaluation of ICM for Struts2
Sep-17 Vulnerabilities |
||
|
CSCvf86143 |
2 |
deployment |
Evaluation of HCS_CC for Struts2 Sep-17 Vulnerabilities |
||
|
CSCvg33401 |
2 |
aw.tools |
ICM domain manager and Websetup not accessible |
||
|
CSCvg15358 |
2 |
dbconfig |
PCCE gets a "The machine
inventory is not valid" error with off-box CUCM |
||
|
CSCvf89574 |
6 |
aw.tools |
Multiple Supervisors per Person
Configuration Support |
||
|
CSCvg39095 |
3 |
aw.tools |
UserGroup entry get created with type SSO for when non-UCM
Supervisor is added |
||
|
- |
- |
aw.tools |
PCCE SPEC Based Hardware Support |
||
|
CSCvg88525 |
2 |
|
OPC does not increment CallsInProgress when EstablishedEvent
received for an unknown task on MRPG |
||
|
CSCvh48598 |
2 |
router |
After upgrading to
11.6(1) ECC variables are not being registered via I2I gateway |
||
|
CSCuu75122 |
3 |
router |
DST change
causes loss of CallType and Skill
Group Historical Data for last hour of the day |
||
|
CSCvg68770 |
3 |
router |
23:30 interval
data missing from CallTypeHalfHour and CallTypeSkillGroupHalfHour |
||
|
CSCvh73223 |
2 |
router |
AppGateway Asserts
if an ECC Variable is Deleted. |
||
|
CSCvf59905 |
3 |
|
Finesse agents get frozen for 60 seconds while waiting for
response to Clear Connection request |
||
|
CSCvf56246 |
3 |
pg.opc |
Agent cannot enter wrapup data when Customer drops conf
call with Agents on different PGs |
||
|
CSCvi81684 |
2 |
router |
Calls Queued to Scheduled Target not routed to available
target when schedule is changed. |
||
|
CSCvi63016 |
3 |
scripteditor |
"Formula editor" in script editor grayed out |
||
|
CSCvi82564 |
3 |
pg.vru |
Calls abandoned in Queue below Abandoned call
wait time not counted as Short |
||
|
CSCvj49590 |
2 |
router |
Indirect Target Node in Script
unable to use Translation Route causes Router Crash |
||
|
CSCvj42647 |
3 |
serviceability.snmp |
Contact Sharing authentication
Error Logging is Inadequate |
||
|
CSCvi85961 |
3 |
outbound |
Dialer reserved agents but
Campaign is in the locked state due to no records |
||
|
CSCvg54739 |
2 |
dbconfig |
CCEAdmin truncates
the UPN FQDN |
||
|
CSCvg48617 |
2 |
security |
UCCE - CCEAdmin - Multidomain Forest - Alternate UPN login fails |
||
|
CSCvg11151 |
2 |
pg.opc |
PG unable to establish connection with Router after
network issue |
||
|
CSCvj77182 |
3 |
aw.tools |
Supervisor login name with
alternate upn suffix getting saved incorrectly in usergroup table |
||
|
CSCvj80410 |
4 |
install |
UCCE 11.6: Websetup fails in HCS environment with multiple Domain
Controllers |
||
|
CSCvf45868 |
2 |
cg.ctiserver |
Finesse takes long time to come
in-service during start-up or failover |
||
|
CSCvg70458 |
2 |
cg.ctiserver |
CTI Server memory leak |
||
|
CSCvh51896 |
2 |
cg.ctiserver |
CTIServer crash if empty string field (length 0) passed by Client
in OPEN_REQ floating field |
||
|
CSCvh53269 |
2 |
cg.ctiserver |
CTIServer sends N/A (PT_NONE) in the PeripheralType
Field in the OPEN_CONF message |
||
|
CSCvk18288 |
3 |
cg.ctiserver |
Finesse Queue Statistics gadget
shows default skill groups with ES12 or ES15 applied to PG |
||
|
CSCvi88437 |
2 |
web.setup |
ICM 11.6 - AWHDS WebSetup -
Vulnerabilities |
||
|
CSCvk41834 |
2 |
pg.cucm.jtapi |
PIM failover due to JGW
exception for a call. |
||
|
CSCvf48226 |
2 |
outbound |
Dialer does not dial out any calls when registered with Standby
Campaign Manager during CM failover |
||
|
CSCvi10693 |
2 |
outbound |
Outbound Campaign Manager
restarts with minidump when Campaign is
disabled using REST API |
||
|
CSCvk06453 |
2 |
outbound |
Outbound Dialer
dials out to Customer Phone Numbers contained in Do Not Call List |
||
|
CSCvj59379 |
3 |
outbound |
Personal Callback
is scheduled with incorrect time if 2nd PCB scheduled when DST is Active |
||
|
CSCvk69877 |
3 |
outbound |
Campaign Manager Standby Side
keeps Accumulating Memory (process private bytes) |
||
|
CSCvk44534 |
2 |
outbound |
SIP Dialer dialing less calls per second than the configured
value |
||
|
CSCvf72231 |
3 |
outbound |
Agent reservation call not cleared during reservation
timeout |
||
|
CSCvk32487 |
4 |
outbound |
Outbound dialer perfmon counter
"NumberOfAttemptedCallsPerSecond" is
incorrect |
||
|
CSCvf99578 |
3 |
pg.cucm |
Call grid stays on finesse agent desktop in reverse
transfer scenario |
||
|
CSCvj09046 |
3 |
router |
New call incorrectly reported in Default SG if agent is
Reskilled during call routing operation |
||
|
CSCvk62999 |
3 |
scripteditor |
Validate button broken on Queue to Skill Group Node |
||
|
CSCvk63046 |
3 |
scripteditor |
No Warning text that saved script with error will not
become active |
||
|
CSCvk44540 |
2 |
outbound |
Outbound Option Campaign Manager High Availability
Replication is Very Slow |
||
|
CSCvm72015 |
3 |
router |
RouterError field
is not getting updated in RQI |
||
|
CSCvk40262 |
3 |
scripteditor |
Script Editor crashes when trying to open a corrupted
script |
||
|
CSCvn18888 |
2 |
web.setup |
Evaluation of icm for Apache
Struts Commons FileUpload RCE |
||
|
CSCvm13986 |
2 |
web.setup |
Evaluation of icm for Struts remote code execution vulnerability August
2018 |
||
|
CSCvk03510 |
3 |
dbconfig |
PCCE support
for BE7KH M5 hardware. |
||
|
CSCvf27253 |
3 |
dbconfig |
Change to PQ
attribute may update User_Group table |
||
|
CSCvn20910 |
3 |
dbconfig |
CCEadmin - System Inventory always uses the credentials of First
Finesse/CUIC cluster for SOAP API |
You can access current Cisco documentation on
the Support pages at the following sites:
To provide comments about this document, send an
email message to the following address:
contactcenterproducts_docfeedback@cisco.com
We appreciate your comments.
Cisco.com is a starting point for all technical
assistance. Customers and partners can obtain documentation, troubleshooting
tips, and sample configurations from online tools. For Cisco.com registered
users, additional troubleshooting tools are available from the TAC site.
Cisco.com provides a broad range of features and
services to help customers and partners streamline business processes and
improve productivity. Through Cisco.com, you can find information about Cisco
and our networking solutions, services, and programs. You can also resolve
technical issues with online technical support and download software packages.
Valuable online skill assessment, training, and certification programs are also
available.
Customers and partners can self-register on
Cisco.com to obtain additional personalized information and services.
Registered users can order products, check on the status of an order, access
technical support, and view benefits specific to their relationships with
Cisco.
The Cisco TAC site is available to all customers
who need technical assistance with a Cisco product or technology that is under
warranty or covered by a maintenance contract.
If you have a priority level 3 (P3) or priority
level 4 (P4) problem, contact TAC by going to https://www.cisco.com/c/en/us/support/index.html.
P3 and P4 level problems are defined as follows:
In each of the above cases, use the Cisco TAC
site to quickly find answers to your questions.
If you cannot resolve your technical issue by
using the TAC online resources, Cisco.com registered users can open a case
online by using the TAC Case Open tool at the following site:https://mycase.cloudapps.cisco.com/create/start/
If you have a priority level 1(P1) or priority
level 2 (P2) problem, contact TAC by telephone and immediately open a case. To
obtain a directory of toll-free numbers for your country, go to the following
sites:
P1 and P2 level problems are defined as follows: