Cisco Bug: CSCtb14512 - UCCX 5.0, 7.0 anonymous connections to LDAP is possible

Last Modified

Aug 06, 2018

Products (1)

  • Cisco Unified Contact Center Express

Known Affected Releases

7.0(1)SR3 8.0(2) 8.0(2)SU4

Description (partial)

Symptom: UCCX contains an onboard LDAP (OpenLDAP) which is used to store information. All agent, supervisor and some other information for a UCCX cluster is contained in this LDAP. Cisco Agent Desktop, Cisco Supervisor Desktop and Cisco Desktop Administrator read and write to this LDAP. UCCX operation depends on this LDAP for our application to work.

Problem Description: Versions 5.0, 7.0 and (TBD, unreleased) 8.0. The LDAP database is accessed over TCP port 38983. This port must be open on the UCCX server in order for CAD, CSD and CDA to function. These desktop products connect to the LDAP at this destination port from various source ports. As currently implemented, the LDAP used with our UCCX application does not require authentication to prevent the viewing of the information contained within this LDAP. Provided basic network access is gained to the UCCX over port 38983, anyone can anonymously connect to the LDAP and view agent names, agent extensions, MAC addresses of phones, IP addresses of phones and servers, and agent phone books and