This document provides installation instructions for Unified CCE 12.6(2) ES7. It also contains a list of Unified CCE issues resolved by this engineering special. Review all installation information before installing the product. Failure to install this engineering special as described can result in inconsistent Unified CCE behaviour.
This document contains these sections:
In the Product Alert Tool, you can set up profiles to receive email notification of new Field Notices, Product Alerts, or End of Sale information for your selected products.
The Product Alert Tool is available at https://www.cisco.com/cisco/support/notifications.html.
Unified CCE 12.6(2) ES7 resolves the following security vulnerabilities.
· Vulnerabilities related to Azul JRE used by AppDynamics Machine Agent packaged with CCE - CVE-2023-21939, CVE-2022-39399, CVE-2023-21830, CVE-2022-21626, CVE-2023-21835, CVE-2023-21937, CVE-2023-21967, CVE-2023-21843, CVE-2023-21930, CVE-2023-21938, CVE-2023-21968, CVE-2023-21954, CVE-2022-21618, CVE-2022-21619, CVE-2022-21628, CVE-2022-21624.
· Vulnerability observed in Apache Tomcat version used by CCE - CVE-2020-1938.
· Vulnerabilities observed in the OpenLogic OpenJDK JRE used by CCE - CVE-2021-20264, CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21349, CVE-2022-21360, CVE-2022-21365, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2023-21968.
CCE 12.6(2) ES7 must be applied to the CCE deployment irrespective of whether AppDynamics is enabled.
Note (applies only if AppDynamics performance monitoring is enabled): Before installing Unified CCE 12.6(2) ES7 on the Distributor node, disable AppDynamics performance monitoring on 12.6(2) and re-enable it after installing ES7. If AppDynamics performance monitoring is not disabled before ES7 is installed on the Distributor node, restart the Distributor node after the ES7 installation.
This section lists the Unified CCE components on which you can and cannot install this engineering special.
You can install Unified CCE 12.6(2) ES7 on these Unified CCE components:
Do not install this engineering special on any components other than the following:
The installation or uninstallation of this patch requires a planned maintenance window with some expected downtime of a few seconds / minutes: No
Note: Anti-virus software has been known to cause issues during the installation of Unified CCE 12.6(2) ES7. Disable the anti-virus services on the CCE machine before installing this ES.
If the Unified CCE Services are set to manual, start all the Unified CCE Services using the Unified CCE Service Control.
Note: Remove patches in the reverse order of their installation. For example, if you installed patches 3, then 5, then 10 for a product, you must uninstall patches 10, 5, and 3, in that order, to remove the patches from that product.
This section provides a list of significant Unified CCE defects resolved by this engineering special. It contains these subsections:
Note: You can view more information on and track individual Unified CCE defects using the Cisco Bug Search tool, located at: https://bst.cloudapps.cisco.com/bugsearch/search?null.
This section lists caveats specifically resolved by Unified CCE 12.6(2) ES7.
Caveats in this section are ordered by UNIFIED CCE component, severity, and then identifier.
Identifier | Severity | Component | Headline
CSCwf65121 | 2 | appd | Vulnerabilities for AppD Client JDK on UCCE/PCCE
CSCwf76535 | 2 | security | Critical CVE in component tomcat. Upgrade to latest version.
CSCwf84197 | 7 | security | Vulnerabilities in openjdk 1.8.0
Caveats are ordered by severity then defect number.
Defect Number: CSCwf65121
Component: appd
Severity: 2
Headline: Vulnerabilities for AppD Client JDK on UCCE/PCCE
Symptom: This product includes a version of Java that is affected by the vulnerabilities identified by the following Common Vulnerability and Exposures (CVE) IDs: CVE-2023-21939, CVE-2022-39399, CVE-2023-21830, CVE-2022-21626, CVE-2023-21835, CVE-2023-21937, CVE-2023-21967, CVE-2023-21843, CVE-2023-21930, CVE-2023-21938, CVE-2023-21968, CVE-2023-21954, CVE-2022-21618, CVE-2022-21619, CVE-2022-21628, CVE-2022-21624
This bug was opened to address the potential impact on this product.
Conditions: Device with default configuration.
Workaround: The workaround below applies only to customers who are not using the AppDynamics Performance monitoring feature.
Step 1: Copy the script C:\icm\install\UninstallService.vbs to C:\Cisco\AppDynamics\MachineAgent\UninstallService.vbs
Step 2: From a command prompt, run: C:\icm\install\MachineAgentService.bat UninstallService C:\Cisco\AppDynamics\MachineAgent
Step 3: Delete the folder C:\Cisco\AppDynamics\MachineAgent
NOTE: The Machine Agent ZIP folder remains in C:\icm\install; if a scan detects the ZIP folder, it can also be deleted.
Further Problem Description: Additional details about the vulnerabilities listed above can be found at https://www.cve.org/.
PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 3.1 score. The Base CVSS score as of the time of evaluation is: 7.4
https://sec.cloudapps.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE IDs CVE-2023-21939, CVE-2022-39399, CVE-2023-21830, CVE-2022-21626, CVE-2023-21835, CVE-2023-21937, CVE-2023-21967, CVE-2023-21843, CVE-2023-21930, CVE-2023-21938, CVE-2023-21968, CVE-2023-21954, CVE-2022-21618, CVE-2022-21619, CVE-2022-21628, CVE-2022-21624 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be found at the following URL: https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html
Defect Number: CSCwf76535
Component: security
Severity: 2
Headline: Critical CVE in component tomcat. Upgrade to latest version.
Symptom: Tomcat Vulnerabilities are seen in CCE machines.
Conditions: Vulnerabilities are seen in CCE machines where the installed Tomcat version is lower than 9.0.76.
Workaround: Use the "Tomcat Upgrade Utility" to upgrade Apache Tomcat to 9.0.76.
Further Problem Description: Additional details about the vulnerabilities listed above can be found at https://www.cve.org/
Vulnerability observed - CVE-2020-1938
Defect Number: CSCwf84197
Component: security
Severity: 7
Headline: Vulnerabilities in openjdk 1.8.0
Symptom: OpenJDK Vulnerabilities are seen in CCE machines.
Conditions: Vulnerabilities are seen in CCE machines where the CCE_JAVA_HOME environment variable points to a JRE version lower than 8u372-b07.
Workaround: Upgrade to OpenLogic OpenJDK JRE 8u372-b07 (32 bit) manually.
Further Problem Description: Additional details about the vulnerabilities listed above can be found at https://www.cve.org/
Vulnerabilities observed - CVE-2021-20264, CVE-2022-21248, CVE-2022-21282, CVE-2022-21283, CVE-2022-21293, CVE-2022-21294, CVE-2022-21296, CVE-2022-21299, CVE-2022-21305, CVE-2022-21340, CVE-2022-21341, CVE-2022-21349, CVE-2022-21360, CVE-2022-21365, CVE-2022-21426, CVE-2022-21434, CVE-2022-21443, CVE-2022-21476, CVE-2022-21496, CVE-2022-21540, CVE-2022-21541, CVE-2022-34169, CVE-2023-21968
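The Conditions fields of CSCwf76535 and CSCwf84197 can be checked on a CCE machine with the PowerShell script below. It is an added example, not part of the original release notes and not Cisco tooling. The function names and the -TomcatDir parameter are hypothetical; the Tomcat installation path is not given in this document and must be supplied by the operator.

```powershell
# Added example, not Cisco tooling: compares installed versions with the fixed
# versions named above (Tomcat 9.0.76 in CSCwf76535, JRE 8u372-b07 in CSCwf84197).
param(
    [string]$JavaHome  = $env:CCE_JAVA_HOME,
    [string]$TomcatDir = ''   # assumption: operator supplies the Tomcat install path
)
Add-Type -AssemblyName System.IO.Compression.FileSystem
$MinJava   = [version]'8.372.7'   # 8u372-b07 written as major.update.build
$MinTomcat = [version]'9.0.76'

function Get-Java8Build([string]$JreHome) {
    if (-not $JreHome) { return $null }
    $java = Join-Path $JreHome 'bin\java.exe'
    if (-not (Test-Path $java)) { return $null }
    # java prints its banner on stderr, e.g. "(build 1.8.0_372-b07)"
    $banner = (& $java -version 2>&1 | ForEach-Object { "$_" }) -join "`n"
    if ($banner -match '1\.8\.0_(\d+)[^\s)]*?-b(\d+)') {
        return [version]('8.{0}.{1}' -f [int]$Matches[1], [int]$Matches[2])
    }
    return $null
}

function Get-TomcatVersion([string]$Dir) {
    $jar = Join-Path $Dir 'lib\catalina.jar'
    if (-not (Test-Path $jar)) { return $null }
    $zip = [System.IO.Compression.ZipFile]::OpenRead($jar)
    try {
        # Tomcat records its own version in this properties file inside catalina.jar
        $entry = $zip.GetEntry('org/apache/catalina/util/ServerInfo.properties')
        if (-not $entry) { return $null }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        $text = $reader.ReadToEnd()
    } finally { $zip.Dispose() }
    if ($text -match 'server\.number=(\d+\.\d+\.\d+)') { return [version]$Matches[1] }
    return $null
}

$checks = @(@{ Name = 'JRE at CCE_JAVA_HOME'; Found = (Get-Java8Build $JavaHome); Min = $MinJava })
if ($TomcatDir) {
    $checks += @{ Name = 'Apache Tomcat'; Found = (Get-TomcatVersion $TomcatDir); Min = $MinTomcat }
}
$report = foreach ($c in $checks) {
    # A version that could not be read is reported as a failed check, not skipped
    [pscustomobject]@{
        Check = $c.Name; Found = $c.Found; Minimum = $c.Min
        Pass  = [bool]($c.Found -and ($c.Found -ge $c.Min))
    }
}
$report | Format-Table -AutoSize
if ($report.Pass -contains $false) { exit 1 }
```

The script exits with code 1 when any checked component is below the fixed version or its version cannot be determined, so it can be used in a post-patch validation step.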
You can access current Cisco documentation on the Support pages at the following sites:
To provide comments about this document, send an email message to the following address:
contactcenterproducts_docfeedback@cisco.com
We appreciate your comments.
Cisco.com is a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC site.
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. You can also resolve technical issues with online technical support and download software packages. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
The Cisco TAC site is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to https://www.cisco.com/c/en/us/support/index.html.
P3 and P4 level problems are defined as follows:
In each of the above cases, use the Cisco TAC site to quickly find answers to your questions.
If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following site: https://mycase.cloudapps.cisco.com/create/start/
If you have a priority level 1 (P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following sites:
P1 and P2 level problems are defined as follows: