About this Document


This document provides installation instructions for CVP11.5(1) ES12. It also contains a list of CVP issues resolved by this engineering special. Please review all sections in this document pertaining to installation before installing the product. Failure to install this engineering special as described may result in inconsistent CVP behavior.

This document contains these sections:

Signup to Receive Email Notification of New Field Notices


The Product Alert Tool offers you the ability to set up one or more profiles that will enable you to receive email notification of new Field Notices, Product Alerts or End of Sale information for the products that you have selected.

The Product Alert Tool is available at http://www.cisco.com/cgi-bin/Support/FieldNoticeTool/field-notice

About Cisco CVP (and CVP Engineering Specials)



This ES fixes critical issues faced by customers on Cisco Unified Customer Voice Portal 11.5.
Installing this ES on older ES's will not have any negative impact.

CVP Compatibility and Support Specifications


CVP Version Support

Cisco Unified Customer Voice Portal 11.5

CVP Component Support

Supported CVP Components

CVP11.5(1) ES12 is compatible with and should be installed on these CVP components:

Unsupported CVP Components

Do not install this engineering special on any of the following components:

CVP Engineering Special Installation Planning


Installing CVP11.5(1) ES12


Follow the below steps in sequence to install this ES:

Patching the Operations Console Server ( OAMP )

1. Install this ES. It will automatically prompt for system restart. Click yes.

2. Update the below properties present in C:\Cisco\CVP\conf

       oamp.properties

3. Restart the CVP OPSConsole Server service.

Patching the CVP Server ( Call Server / VXML Server )

1. Install this ES. It will automatically prompt for system restart. Click yes.

2. Open registry editor and go to HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Apache Software Foundation\Procrun 2.0\VXMLServer\Parameters\Java

3. Update the below properties present in C:\Cisco\CVP\conf

       vxml.properties

       sip.properties

4. Restart Cisco CVP VXMLServer service, CVP CallServer service.

5. After installing, the bootstrap.tcl and bootstrap.vxml files have to be pushed to the VXML gateway and the gateway must be restarted..

Uninstall Directions for CVP11.5(1) ES12


To uninstall this patch, go to Control Panel. Select "Add or Remove Programs". Find the installed patch in the list and select "Remove".

Note: Patches have to be removed in the reverse order in which they were installed. For example, if you had installed patches 3, then 5, then 10 for a product, you will need to uninstall patches 10, 5 and 3 in that order to remove all patches for that product.

Resolved Caveats in this Engineering Special


This section provides a list of significant CVP defects resolved by this engineering special. It contains these subsections:


Note: You can view more information on and track individual CVP defects using the Cisco Bug Toolkit located at: http://www.cisco.com/support/bugtools/Bug_root.html


Resolved Caveats in CVP11.5(1) ES12

This section lists caveats specifically resolved by CVP11.5(1) ES12.

Index of Resolved Caveats

Caveats in this section are ordered by CVP component, severity, and then identifier.

Identifier Severity Component Headline
CSCvb43729 2 appsvr Context Service POD ID Not passed in POD.ID ECC Variable
CSCvc22558 3 appsvr CVP-CS De-Registration & Registration Tasks should be Event based instead of Fixed Timers
CSCvd32043 6 appsvr Context Service Serviceabilty enhancements
CSCve92752 3 oamp Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability
CSCve70560 2 security CVP Drops IVR Connection when a TCP Connection on CVP Listening Port comes from a Rogue Server
CSCvc55365 3 ss_ged CVP not filling in the user.cvp_server_info variable.
CSCup87524 2 ss_sip UUI Data not passed to PSTN via Voice GW
CSCvb57724 2 ss_sip CVP 11.5 - Call Studio Script - DNIS is replaced by the ANI
CSCvb31305 3 ss_sip CVP does not terminate a dtmf*8 transfer
CSCvb44847 3 ss_sip CVP is not removing isFocus from SIP messages
CSCve58101 5 ss_sip CVP resetting "null" ANI as SIP URI of Call server
CSCvf87136 6 ss_sip Controlling the Max Simultaneous SIP Sessions
CSCvc92728 2 ss_vxml CVP Get Speech microapp not working in 11.5
CSCvd96003 3 ss_vxml Type 7 VRU,fails with Invalid Session error
CSCvc02798 2 vxml_server Save & Deploy of Context Service Connection Data to VXML Server Fails from OAMP
CSCvd43429 2 vxml_server CVP v11.5 Call is disconnected after Capture Node
CSCvc43805 3 vxml_server VXML session count does not match with Licenses in Use
CSCvc94919 3 vxml_server Active-standby vxmlserver concept may not work in CVP11.5
CSCvc39129 6 vxml_server VXML Server as TLS client

Detailed list of Resolved Caveats in This Engineering Special

Caveats are ordered by severity then defect number.


Defect Number: CSCup87524

Component: ss_sip

Severity: 2

Headline: UUI Data not passed to PSTN via Voice GW


Symptom:
in both "call.usertouserinfo" and "user.microapp.uui" scenarios , CVP is not adding protocol descriptor in the message body of SIP BYE method ( hangup call ) . The Current SIP BYE Message Body looks like : Content-Type: application/gtd REL, PRN,isdn*,,NI***, UUS,30313030303030303030303030303030303534313538 The correct format should be Content-Type: application/gtd REL, PRN,isdn*,,NI***, UUS,3,30313030303030303030303030303030303534313538 As you see the logs the protocol descriptor (UUS, 3,) is missing in the SIP BYE message going from CVP to Gateway , and gateway throwing the error later on

Conditions:
CVP 9

Workaround:
NA

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.

Defect Number: CSCvb43729

Component: appsvr

Severity: 2

Headline: Context Service POD ID Not passed in POD.ID ECC Variable


Symptom:
CVP is not passing Context Service POD ID in POD.ID ECC Variable

Conditions:
In 11.5 CVP is sending Context Service POD ID Information in variable user.microapp.FromExtVXML[4] i.e. Array size of '5' instead of POD.ID ECC Variable

Workaround:
Delete the existing user.microapp.FromExtVXML ECC Variable with array size of 4 and create another user.microapp.FromExtVXML ECC Variable with array size of 6

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.

Defect Number: CSCvb57724

Component: ss_sip

Severity: 2

Headline: CVP 11.5 - Call Studio Script - DNIS is replaced by the ANI


Symptom:
When a call is sent from ICM Script to a CVP Call Studio Script, the DNIS (Orginal Called Number) field is populated with the ANI (Calling Party number) 10.1.1.1.1475254621514.9.HelloWorld,09/30/2016 12:57:01.514,,start,newcall, 10.1.1.1.1475254621514.9.HelloWorld,09/30/2016 12:57:01.514,,start,ani,1001 10.1.1.1.1475254621514.9.HelloWorld,09/30/2016 12:57:01.514,,start,areacode,765 10.1.1.1.1475254621514.9.HelloWorld,09/30/2016 12:57:01.514,,start,exchange,744 10.1.1.1.1475254621514.9.HelloWorld,09/30/2016 12:57:01.514,,start,dnis,1001 //DNIS is 3001 for this call. ANI is 1001.

Conditions:
CVP 11.5

Workaround:


Further Problem Description:
Install CVP11.5.1_ES7 which has a fix for this defect https://software.cisco.com/download/special/release.html?config=d9e9155b48ab4dd05d4a624e5952c934 One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.

Defect Number: CSCvc02798

Component: vxml_server

Severity: 2

Headline: Save & Deploy of Context Service Connection Data to VXML Server Fails from OAMP


Symptom:
Save & Deploy of Context Service Connection Data to VXML Server Fails from OAMP

Conditions:
During DeRegistration/Registration of CVP Context Service setup we keep noticing that the Save & Deploy Fails from OAMP Server, It looks like the VXML Server in corresponding CVP Servers are not responding properly but if we restart the CVP Server then the Save & Deploy for another 2-3 attempts will be successful and again starts Failing. Because of this issue the Context Service DeRegistration/Registration Automation Fails and also the Context Service Call Flow is impacted.

Workaround:
Restart CVP(VXML/Call)Server

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.

Defect Number: CSCvc92728

Component: ss_vxml

Severity: 2

Headline: CVP Get Speech microapp not working in 11.5

$$IGNORE
Symptom:
Call flow fails and the VXML Page generated as an output of MicroApp contains empty variable.

Conditions:
Call flow fails and the VXML Page generated as an output of MicroApp contains empty variable.

Workaround:
USER_MICROAPP_TOEXTVXML[1]:;VH_INTERACTION_ID The ECC variable array has an empty value, there is no value between ':' and ';' because of which that empty entry is coming in the VXML which browser is not liking. Workaround could be to modify the ECC variable and remove the ?;? before the VH_INTERACTION_ID variable in the ICM script.

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.

Defect Number: CSCvd43429

Component: vxml_server

Severity: 2

Headline: CVP v11.5 Call is disconnected after Capture Node


Symptom:
CVP v11.5 Call is disconnected after Capture Node

Conditions:
IVR SS was moved to vxmlserver in 11.5 and it handles microapps differently.

Workaround:
No work around.

Further Problem Description:
IVR SS was moved to vxmlserver in 11.5 and it handles microapps differently. Bug alert verified by escalation Engr Anjum. Anjum Jeelani (anjeelan) One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.

Defect Number: CSCve70560

Component: security

Severity: 2

Headline: CVP Drops IVR Connection when a TCP Connection on CVP Listening Port comes from a Rogue Server

<B>
Symptom:</B> VRU PIM connection to CVP drops when a TCP connection gets setup to CVP on the CVP listening port from a non PG server. <B>

Conditions:</B> Running CVP 11.5 <B>

Workaround:</B> Have a firewall setup to only allow the PGs to connect to CVP on the listening port. <B>

Further Problem Description:</B>

Defect Number: CSCvb31305

Component: ss_sip

Severity: 3

Headline: CVP does not terminate a dtmf*8 transfer


Symptom:
SIP call legs not cleared when doing UUI transfer to provider, can be visible in CVP OAMP and reports on UCCE - calls in progress.

Conditions:
UUI transfer to provider

Workaround:
none

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.

Defect Number: CSCvb44847

Component: ss_sip

Severity: 3

Headline: CVP is not removing isFocus from SIP messages


Symptom:
CVP sends isFocus on a call leg when other call leg didnt sent it. For example, if CVP is receiving isFocus on outbound leg(agent leg), CVP transfer it to ingress leg. Issue is that in subsequent updates from agent leg, if isFocus is removed, CVP still keeps on sending it to ingress leg and hence MOH is not heard on these scenarios. This should not happen as CVP is a b2bua

Conditions:
CVP 10 or above are used with isFocus in SIP messages Eg: Agent leg from CUCM sends a SIP update message with isFocus set 432285: 1.1.1.1: Sep 20 2016 13:44:05.919 -0500: %_TransactionManagement-7-com.dynamicsoft.DsLibs.DsUALibs.DsSipLlApi.TransactionManagement: processMessage(): Incoming message: UPDATE sip:1.1.1.1:5060;transport=tcp SIP/2.0 Via: SIP/2.0/TCP 2.2.2.2:5060;branch=z9hG4bKdaddf486e869d Max-Forwards: 70 To: 1002111003 ;tag=dscba0cb85 From: ;tag=745613~6657caa6-138d-4d9d-9c65-1d945e546e3e-50134331 Call-ID: 32F0F780000100000002F6A32365A20A-147439704506147821@1.1.1.1 CSeq: 104 UPDATE Content-Length: 0 Date: Tue, 20 Sep 2016 18:44:05 GMT User-Agent: Cisco-CUCM10.5 Supported: timer,resource-priority,replaces Supported: X-cisco-srtp-fallback Supported: Geolocation Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY Call-Info: ;x-cisco-video-traffic-class=VIDEO_UNSPECIFIED Min-SE: 7200 P-Asserted-Identity: "RA 1002111001" Remote-Party-ID: "RA 1002111001" ;party=calling;screen=yes;privacy=off Contact: ;isFocus CVP sent the update to ingress with isFocus attached 432326: 1.1.1.1: Sep 20 2016 13:44:05.919 -0500: %_Connection-7-com.dynamicsoft.DsLibs.DsUALibs.DsSipLlApi.Connection: Sending Message (NB): UPDATE sip:1002111003@3.3.3.3:5060;transport=tcp SIP/2.0 Via: SIP/2.0/TCP 1.1.1.1:5060;branch=z9hG4bKEzZ0YGmm8alYK.nOG3NVUQ~~1915283 Max-Forwards: 69 To: ;tag=1383563~6657caa6-138d-4d9d-9c65-1d945e546e3e-252607494 From: ;tag=dsb362cb18 Call-ID: 32f0f780-7e118374-af37e-2365a20a@3.3.3.3 CSeq: 5 UPDATE Content-Length: 0 Contact: ;isFocus Date: Tue, 20 Sep 2016 18:44:05 GMT Allow: INVITE, OPTIONS, INFO, BYE, CANCEL, ACK, PRACK, UPDATE, REFER, SUBSCRIBE, NOTIFY Call-Info: ;x-cisco-video-traffic-class=VIDEO_UNSPECIFIED Min-SE: 7200 P-Asserted-Identity: "RA 1002111001" Remote-Party-ID: "RA 1002111001" ;party=calling;screen=yes;privacy=off Supported: timer Supported: resource-priority Supported: replaces Supported: X-cisco-srtp-fallback Supported: Geolocation However, in subsequent updates from CUCM to CVP, isfocus will be removed but CVP will not remove that and send those updates to Ingress, creating the issue There will be no error however you need to look at the SIP signalling.

Workaround:
None

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.5(1)_ES12 at http://www.cisco.com/cisco/software/special/release.html?config=4b366b1f1a9c2ddfbe24b19b9ec02218

Defect Number: CSCvc22558

Component: appsvr

Severity: 3

Headline: CVP-CS De-Registration & Registration Tasks should be Event based instead of Fixed Timers


Symptom:
CVP-CS De-Registration & Registration Tasks should be Event based instead of Fixed Timers

Conditions:
The Context Service De-Registration or Registration should be deterministic i.e. Event Based instead of fixed timers. After De-Registration the automation should not wait for few mins or have fixed timers before starting Registration, Instead the Clients i.e. CVP in this case should enable Register button only after the De-Registration cleanup has completed (i.e If state listener is triggered) We need to have Event based mechanism in place for De-Registration & Registration Button to be even enabled i.e. Based on the Events triggered from CS Cloud the Clients i.e. CVP in this case should enable the Register/De-Register Buttons in the OAMP UI accordingly.

Workaround:
Introducing fixed Timers which can lead to inconsistency in Automation

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.5(1)_ES12 at http://www.cisco.com/cisco/software/special/release.html?config=4b366b1f1a9c2ddfbe24b19b9ec02218

Defect Number: CSCvc43805

Component: vxml_server

Severity: 3

Headline: VXML session count does not match with Licenses in Use

$$PREFCS
Symptom:
VXML session count does not match with the Licenses in Use

Conditions:
During load test

Workaround:
NA

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.5(1)_ES12 at http://www.cisco.com/cisco/software/special/release.html?config=4b366b1f1a9c2ddfbe24b19b9ec02218

Defect Number: CSCvc55365

Component: ss_ged

Severity: 3

Headline: CVP not filling in the user.cvp_server_info variable.


Symptom:
CVP is not filling in the user.cvp_server_info variable.

Conditions:
CVP 11.5(1)

Workaround:
None.

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.5(1)_ES12 at http://www.cisco.com/cisco/software/special/release.html?config=4b366b1f1a9c2ddfbe24b19b9ec02218

Defect Number: CSCvc94919

Component: vxml_server

Severity: 3

Headline: Active-standby vxmlserver concept may not work in CVP11.5

$$IGNORE active standby vxmlserver concept may not work
Symptom:
Associate 2 VXMLServers to CVP callserver and stop the main VXMLserver. See if call is handled by standby VXMLServer.

Conditions:


Workaround:


Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.5(1)_ES16 at http://www.cisco.com/cisco/software/special/release.html?config=99c110b6465cbd3e78ba230dbd69628b

Defect Number: CSCvd96003

Component: ss_vxml

Severity: 3

Headline: Type 7 VRU,fails with Invalid Session error


Symptom:
All calls to Type 7 VRU fail with following errors EventRouter:executeEvent: Session not found or destroyed for the event handle Invalid Session IVREvent Cause=E_SERVICE_CTRL_NOT_SUPPORTED

Conditions:
Type 7 VRU Only on UCCE 11.5(1)

Workaround:
Use Type 10 VRU

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.5(1)_ES12 at http://www.cisco.com/cisco/software/special/release.html?config=4b366b1f1a9c2ddfbe24b19b9ec02218

Defect Number: CSCve92752

Component: oamp

Severity: 3

Headline: Cisco Unified Customer Voice Portal Operations Console Privilege Escalation Vulnerability


Symptom:
A vulnerability in the Operations, Administration, Maintenance, and Provisioning (OAMP) credential reset functionality for Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to gain elevated privileges. The vulnerability is due to a lack of proper input validation. An attacker could exploit this vulnerability by authenticating to the OAMP and sending a crafted HTTP request. A successful exploit could allow the attacker to gain administrator privileges. The attacker must successfully authenticate to the system to exploit this vulnerability. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170920-cvp

Conditions:
Please refer to Security Advisory.

Workaround:
Please refer to Security Advisory.

Further Problem Description:
Please refer to Security Advisory. PSIRT Evaluation: The Cisco PSIRT has assigned this bug the following CVSS version 3 score. The Base CVSS score as of the time of evaluation is 8.8: https://tools.cisco.com/security/center/cvssCalculator.x?version=3.0&vector=CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:X/RL:X/RC:X CVE ID CVE-2017-12214 has been assigned to document this issue. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Defect Number: CSCve58101

Component: ss_sip

Severity: 5

Headline: CVP resetting "null" ANI as SIP URI of Call server


Symptom:
CVP 11.5, URI or Call Server is seen as ANI in VXML logs and reports

Conditions:
CVP 11.5 with "null" ANI

Workaround:
Create SIP profiles on ingress gateway to replace "null" ANI with a dummy value

Further Problem Description:
I see gateway sending CVP the invite 1049: 2.2.2.2: May 09 2017 17:02:04.026 -0400: %_TransactionManagement-7-com.dynamicsoft.DsLibs.DsUALibs.DsSipLlApi.TransactionManagement: processMessage(): Incoming message: INVITE sip:4033674006@2.2.2.2:5060 SIP/2.0 Via: SIP/2.0/TCP 3.3.3.3:5060;branch=z9hG4bK820223F Max-Forwards: 68 To: From: sip:1.1.1.1;tag=4B94DC88-13C3 Call-ID: 9678C9C1-343111E7-B99CAC4F-1C886D30@3.3.3.3 CVP complains no ANI: 3016: 2.2.2.2: May 09 2017 17:02:04.026 -0400: %CVP_11_5_SIP-7-CALL: {Thrd=DATAI.3} CALLGUID = 95DFD9DA343111E7B996AC4F1C886D30 LEGID = 9678C9C1-343111E7-B99CAC4F-1C886D30 - [INBOUND]: FROM hdr USER portion (calling-number ANI) is missing. New call statement shows null in Call server logs: 3019: 2.2.2.2: May 09 2017 17:02:04.026 -0400: %CVP_11_5_SIP-7-CALL: {Thrd=DATAI.3} NEW CALL with guid=95DFD9DA343111E7B996AC4F1C886D30 legid=9678C9C1-343111E7-B99CAC4F-1C886D30 dn=4033674006 ani=null uui=null calldate=Tue May 09 17:02:04 EDT 2017 video=false cachecallcontext = true is_postcallsurvey = false RouterCallKey = null RouterCallKeyDay = null RouterCallKeySequenceNumber = null A VXML leg is created then: 1116: 2.2.2.2: May 09 2017 17:02:04.260 -0400: %_Connection-7-com.dynamicsoft.DsLibs.DsUALibs.DsSipLlApi.Connection: Sending Message (NB): INVITE sip:77711110007690@3.3.3.3;transport=tcp SIP/2.0 Via: SIP/2.0/TCP 2.2.2.2:5060;branch=z9hG4bKax65H9yxKKXBZOoKqMPiwA~~130801 Max-Forwards: 67 To: From: "unknown--CVP_11_5_1_0_1_0_349" ;tag=ds117ca34 Call-ID: 95DFD9DA343111E7B996AC4F1C886D30-149436372424441@2.2.2.2 CSeq: 1 INVITE Content-Length: 250 Contact: Expires: 60 User-Agent: CVP 11.5 (1) ES-7 Build-70 Call-Info: ;purpose=x-cisco-origIP Remote-Party-ID: "unknown--CVP_11_5_1_0_1_0_349" ;party=calling;screen=no;privacy=off And in VXML logs, we see ANI as the URI (ani=sip:2.2.2.2:5060) 39423: 2.2.2.2: May 09 2017 17:02:04.291 -0400: %CVP_11_5_VXML_SERVER-6-VXML_INFO: Sending CALL_NEW ClientNewCallEvent,sessionId=95DFD9DA343111E7B996AC4F1C886D30 ani=sip:2.2.2.2:5060 dnis=77711110007690 uui= callId=95DFD9DA343111E7B996AC4F1C886D30-149436372424441@2.2.2.2 seqNo=1 invokationId=0 message=null ccbServletUrl= ccbServletReqTimeout=0 switch_leg_ani= switch_leg_dnis= [id:6000] In CVP 11.0 lab New call statement shows null in Call server logs: 342: 10.201.224.198: May 09 2017 14:39:14.653 -0700: %CVP_11_0_SIP-7-CALL: {Thrd=DATAI.0} NEW CALL with guid=4EEEFF20340811E796F6A75BE474A543 legid=4EEF9BE1-340811E7-96F9A75B-E474A543 dn=8005542447 ani=null uui= calldate=Tue May 09 14:39:14 PDT 2017 video=false cachecallcontext = false is_postcallsurvey = false RouterCallKey = null RouterCallKeyDay = null RouterCallKeySequenceNumber = null And in VXML logs, I see null as well for ANI 12854: 10.201.224.198: May 09 2017 14:39:15.060 -0700: %CVP_11_0_VXML_SERVER-7-CALL: {Thrd=http-processor8} Controller:newCall: CALLGUID=4EEEFF20340811E796F6A75BE474A543 - [NEW_CALL] - appname=HelloWorld, RemoteHost=10.201.224.205, RemoteAddr=10.201.224.205, cookie=null DNIS=8005542447 ANI=null

Defect Number: CSCvc39129

Component: vxml_server

Severity: 6

Headline: VXML Server as TLS client


Symptom:
When using the VXML Server as TLS client, trying to setup TLS session from custom element code to remote web server, only TLS 1.0 is supported. The documentation is not clear about this. We need a clear note providing this information to avoid confusion.

Conditions:
CVP 10.5 uses JDK 7 and JDK 7 does not support TLS 1.1 or TLS 1.2 for client.

Workaround:
There are some potential workarounds, but this is something customer will need to manage from their custom element code. http://superuser.com/questions/747377/enable-tls-1-1-and-1-2-for-clients-on-java-7 So there needs to be explicit code in the element to enable TLS 1.2. TLS 1.0 is supported by default.

Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.0(1)_ES25 at http://www.cisco.com/cisco/software/special/release.html?config=d671fa2901152c85a4ac519c5eadac11

Defect Number: CSCvd32043

Component: appsvr

Severity: 6

Headline: Context Service Serviceabilty enhancements


Symptom:
Not sufficient data to debug any context Service failures

Conditions:
When using context service functionality

Workaround:


Further Problem Description:
One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.5(1)_ES12 at http://www.cisco.com/cisco/software/special/release.html?config=4b366b1f1a9c2ddfbe24b19b9ec02218

Defect Number: CSCvf87136

Component: ss_sip

Severity: 6

Headline: Controlling the Max Simultaneous SIP Sessions


Symptom:
On 11.0 and 11.5 we do not have a mechanism to control the maximum number of sip sessions on CVP. Call Server.

Conditions:
On 11.0 and 11.5 we do not have a mechanism to control the maximum number of sip sessions on CVP. Call Server.

Workaround:
NA

Further Problem Description:
On 11.0 and 11.5 we do not have a mechanism to control the maximum number of sip sessions on CVP. Call Server. One or more of the following links will take you to an emergency patch called an Engineering Special or ES. If you are not directly experiencing this problem, we encourage you to select or wait for a formally tested fix in an upcoming major, minor, or maintenance release. Installing any interim emergency patch or ES on a production system poses a risk of instability due to the limited testing it receives. If you believe you are currently experiencing this problem and you cannot wait for a later release, please select the link for the ES built for your system. To identify the base version for this ES, please remove _ES?? from the version name listed below. That will give you the version of the tested base release you may install a given ES over. Be sure to read the release notes or Readme file before running the patch installer.
  • CVP11.0(1)_ES26 at http://www.cisco.com/cisco/software/special/release.html?config=1168598edc5ffaf8f77201ce060bc1dc

Obtaining Documentation


The following sections provide sources for obtaining documentation from Cisco Systems.

World Wide Web

You can access the most current Cisco documentation on the World Wide Web at the following sites:

  • http://www.cisco.com
  • http://www-china.cisco.com
  • http://www-europe.cisco.com

Documentation CD-ROM

Cisco documentation and additional literature are available in a CD-ROM package, which ships with your product. The Documentation CD-ROM is updated monthly and may be more current than printed documentation. The CD-ROM package is available as a single unit or as an annual subscription.

Ordering Documentation

Cisco documentation is available in the following ways:

  • Registered Cisco Direct Customers can order Cisco Product documentation from the Networking Products MarketPlace: http://www.cisco.com/cgi-bin/order/order_root.pl
  • Registered Cisco.com users can order the Documentation CD-ROM through the online Subscription Store: http://www.cisco.com/go/subscription
  • Nonregistered Cisco.com users can order documentation through a local account representative by calling Cisco corporate headquarters (California, USA) at 408-526-7208 or, in North America, by calling 800-553-NETS(6387).

Documentation Feedback

If you are reading Cisco product documentation on the World Wide Web, you can submit technical comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco.

You can e-mail your comments to bug-doc@cisco.com.

To submit your comments by mail, use the response card behind the front cover of your document, or write to the following address:

Attn Document Resource Connection
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-9883

We appreciate your comments.

Obtaining Technical Assistance


Cisco provides Cisco.com as a starting point for all technical assistance. Customers and partners can obtain documentation, troubleshooting tips, and sample configurations from online tools. For Cisco.com registered users, additional troubleshooting tools are available from the TAC website.

Cisco.com

Cisco.com is the foundation of a suite of interactive, networked services that provides immediate, open access to Cisco information and resources at anytime, from anywhere in the world. This highly integrated Internet application is a powerful, easy-to-use tool for doing business with Cisco.

Cisco.com provides a broad range of features and services to help customers and partners streamline business processes and improve productivity. Through Cisco.com, you can find information about Cisco and our networking solutions, services, and programs. In addition, you can resolve technical issues with online technical support, download and test software packages, and order Cisco learning materials and merchandise. Valuable online skill assessment, training, and certification programs are also available.

Customers and partners can self-register on Cisco.com to obtain additional personalized information and services. Registered users can order products, check on the status of an order, access technical support, and view benefits specific to their relationships with Cisco.

To access Cisco.com, go to: http://www.cisco.com

Technical Assistance Center

The Cisco TAC website is available to all customers who need technical assistance with a Cisco product or technology that is under warranty or covered by a maintenance contract.

Contacting TAC by Using the Cisco TAC Website

If you have a priority level 3 (P3) or priority level 4 (P4) problem, contact TAC by going to the TAC website: http://www.cisco.com/tac

P3 and P4 level problems are defined as follows:

  • P3--Your network performance is degraded. Network functionality is noticeably impaired, but most business operations continue.
  • P4--You need information or assistance on Cisco product capabilities, product installation, or basic product configuration.

In each of the above cases, use the Cisco TAC website to quickly find answers to your questions.

To register for Cisco.com, go to the following website: http://www.cisco.com/register/

If you cannot resolve your technical issue by using the TAC online resources, Cisco.com registered users can open a case online by using the TAC Case Open tool at the following website: http://www.cisco.com/tac/caseopen

Contacting TAC by Telephone

If you have a priority level 1(P1) or priority level 2 (P2) problem, contact TAC by telephone and immediately open a case. To obtain a directory of toll-free numbers for your country, go to the following website: http://www.cisco.com/warp/public/687/Directory/DirTAC.shtml

P1 and P2 level problems are defined as follows:

  • P1--Your production network is down, causing a critical impact to business operations if service is not restored quickly. No workaround is available.
  • P2--Your production network is severely degraded, affecting significant aspects of your business operations. No workaround is available.