About this Document
This document provides installation instructions for Unified CCE 12.5(2) ES32. It also contains a list of Unified CCE issues resolved by this engineering special.
Review all installation information before installing the product. Failure to install this engineering special as described
can result in inconsistent Unified CCE behavior.
This document contains these sections:
In the Product Alert Tool,
you can set up profiles
to receive email notification of new Field Notices,
Product Alerts, or End of Sale information for your selected products.
The Product Alert Tool is available at
https://www.cisco.com/cisco/support/notifications.html.
This patch includes fixes for security vulnerabilities listed below.
Unified CCE Version Support
- Unified CCE 12.5(2)
- Packaged CCE 12.5(2)
Unified CCE Component Support
This section lists the Unified CCE components on which you can and cannot install this engineering special.
Supported Unified CCE Components
You can install Unified CCE 12.5(2) ES32 on these Unified CCE components:
- PG
- AW(Distributor)
- Logger
- Router
- Rogger
All ICM servers that has websetup (PG, AW , Logger, Router and Rogger) and admin client machines.
Unsupported Unified CCE Components
Do not install this engineering special on any components other than the following:
- PG
- AW(Distributor)
- Logger
- Router
- Rogger
- Download the patch and copy the patch to the local server where patch is going to be installed.
- Stop all ICM services and applications running on the server.
- Run the patch installer exe and follow the instructions.
- Reboot the server on successful completion of the patch install.
- Start the ICM services.
- To uninstall this patch, go to Control Panel.
- Select "Add or Remove Programs".
- Find the installed patch in the list and select "Remove".
Note: Remove patches in the reverse order of their installation. For example, if you installed patches 3, then 5, then 10 for a product, you
must uninstall patches 10, 5, and 3, in that order, to remove the patches from that product.
Resolved Caveats in this Engineering Special
This section provides a list of significant Unified CCE defects resolved by this engineering special. It contains these subsections:
- Resolved Caveats in Unified CCE 12.5(2) ES32
Note: You can view more information on and track individual Unified CCE defects using the Cisco Bug
Search tool, located at: https://bst.cloudapps.cisco.com/bugsearch/search?null.
Resolved Caveats in Unified CCE 12.5(2) ES32
This section lists caveats specifically resolved by Unified CCE 12.5(2) ES32.
Index of Resolved Caveats
Caveats in this section are ordered by UNIFIED CCE component, severity, and then identifier.
Identifier |
Severity |
Component |
Headline |
CSCwe46792 |
2 |
security |
Vulnerabilities in commons-beanutils |
CSCwf76534 |
2 |
security |
Critical CVE in component struts. Upgrade to latest version. |
CSCvz08718 |
3 |
web.setup |
Unable to start/stop the Distributor service through websetup under service management. |
CSCwf17667 |
4 |
security |
Evaluation of CVE-2023-24998 against Cisco Contact Center Enterprise |
Detailed list of Resolved Caveats in This Engineering Special
Caveats are ordered by severity then defect number.
Defect Number: CSCwe46792
Component: security
Severity: 2
Headline: Vulnerabilities in commons-beanutils
Symptom:
This product includes Third-party Software that is affected by the
vulnerabilities identified by the following Common Vulnerability and
Exposures (CVE) IDs:
CVE-2014-0114 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0114
CVE-2019-10086 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10086
The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.
Conditions:
Device with default configuration.
Workaround:
NA
Further Problem Description:
Additional details about the vulnerabilities listed above can be found
at https://www.cve.org/.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 2.0 score.
The Base CVSS score as of the time of evaluation is: 7.5
https://tools.cisco.com/security/center/cvssCalculator.x?version=2.0&vector=AV:N/AC:L/Au:N/C:P/I:P/A:P
CVE ID CVE-2014-0114, CVE-2019-10086 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Getting the Patch:
The following links take you to an emergency patch, called an Engineering Special or ES.
These emergency patches are meant for deployments that are actively encountering a
specific problem and cannot wait for a formal release to include a fix.
An ES receives limited testing compared to a formal release.
Installing an ES on a production system poses a risk of instability due to that limited testing.
If you are not directly experiencing this problem, wait to install a major, minor, or maintenance
release that includes the fix for this issue.
If you experience this problem and cannot wait for a later formal release, select the ES that matches
the base release of your deployment. The base release is the front part of the ES name.
Only install an ES that matches the release that your deployment runs.
Always read the release notes or Readme file before running the patch installer.
- ICM12.6(2)_ES9 at https://software.cisco.com/download/specialrelease/4fb2f6572a510321b3a8ae06497ba958
Defect Number: CSCwf76534
Component: security
Severity: 2
Headline: Critical CVE in component struts. Upgrade to latest version.
Apache Struts coming from 3rdparty is vulnerable with Denial of Service vulnerability
Symptom:
This product includes Third-party Software that is affected by the
vulnerabilities identified by the following Common Vulnerability and
Exposures (CVE) IDs:
CVE-2023-34149 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34149
CVE-2023-34396 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34396
The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.
Conditions:
Device with default configuration.
Workaround:
NA
Further Problem Description:
Additional details about the vulnerabilities listed above can be found
at https://www.cve.org/.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 3.1 score.
The Base CVSS score as of the time of evaluation is: 7.5
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE ID CVE-2023-34149, CVE-2023-34396 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Defect Number: CSCvz08718
Component: web.setup
Severity: 3
Headline: Unable to start/stop the Distributor service through websetup under service management.
Symptom:
Start/Stop/Cycle buttons are greyed out for Distributor service in websetup
Conditions:
Try to Start/Stop/Cycle distributor service through websetup
Workaround:
None
Defect Number: CSCwf17667
Component: security
Severity: 4
Headline: Evaluation of CVE-2023-24998 against Cisco Contact Center Enterprise
Symptom:
This product includes Third-party Software that is affected by the
vulnerabilities identified by the following Common Vulnerability and
Exposures (CVE) IDs:
CVE-2023-24998 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24998
The affected third-party software component has been upgraded to a version that includes fixes for the vulnerability. Future versions of the product(s) will not be affected by this vulnerability.
Conditions:
Device with default configuration.
Workaround:
NA
Further Problem Description:
Additional details about the vulnerabilities listed above can be found
at https://www.cve.org/.
PSIRT Evaluation:
The Cisco PSIRT has assigned this bug the following CVSS version 3.1 score.
The Base CVSS score as of the time of evaluation is: 7.5
https://tools.cisco.com/security/center/cvssCalculator.x?version=3.1&vector=CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE ID CVE-2023-24998 have been assigned to document this issue.
Additional information on Cisco's security vulnerability policy can be
found at the following URL:
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html
Getting the Patch:
The following links take you to an emergency patch, called an Engineering Special or ES.
These emergency patches are meant for deployments that are actively encountering a
specific problem and cannot wait for a formal release to include a fix.
An ES receives limited testing compared to a formal release.
Installing an ES on a production system poses a risk of instability due to that limited testing.
If you are not directly experiencing this problem, wait to install a major, minor, or maintenance
release that includes the fix for this issue.
If you experience this problem and cannot wait for a later formal release, select the ES that matches
the base release of your deployment. The base release is the front part of the ES name.
Only install an ES that matches the release that your deployment runs.
Always read the release notes or Readme file before running the patch installer.
- ICM12.6(2)_ES9 at https://software.cisco.com/download/specialrelease/4fb2f6572a510321b3a8ae06497ba958
You can access current Cisco documentation on the Support pages at the following sites:
- https://www.cisco.com
- https://www-china.cisco.com
- https://www-europe.cisco.com
Documentation Feedback
To provide comments about this document, send an email message to the
following address:
contactcenterproducts_docfeedback@cisco.com
We appreciate your comments.
Cisco.com is a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC site.
Cisco.com
Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs.
You can also resolve technical issues with online technical support and download software packages. Valuable online skill assessment, training, and certification programs are also available.
Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.
Technical Assistance Center
The Cisco TAC site is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.
Contacting TAC by Using the Cisco TAC Site
If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact
TAC by going to
https://www.cisco.com/c/en/us/support/index.html.
P3 and P4 level problems are defined as follows:
- P3--Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
- P4--You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.
In each of the above cases, use the Cisco TAC site to quickly find answers to your questions.
If you cannot resolve your technical issue by using the TAC online resources,
Cisco.com registered users can open a case online by using the TAC Case Open
tool at the following site:
https://mycase.cloudapps.cisco.com/create/start/
Contacting TAC by Telephone
If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following sites:
P1 and P2 level problems are defined as follows:
- P1--Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available./li>
- P2--Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.