Guest

Preview Tool

Cisco Bug: CSCur00930 - CUCM evaluation for CVE-2014-6271, 2014-7169, 2014-6277 and 2014-6278

Last Modified

Feb 25, 2019

Products (18)

  • Cisco Unified Communications Manager (CallManager)
  • Cisco Business Edition 6000 Version 9.0
  • Cisco Unified Communications Manager Version 9.0
  • Cisco Intercompany Media Engine
  • Cisco Unity Connection Version 9.1
  • Cisco Business Edition 5000 Version 9.1
  • Cisco Business Edition 6000 Version 8.5
  • Cisco Business Edition 5000 Version 9.0
  • Cisco Business Edition 5000 Version 8.5
  • Cisco Unity Connection Version 7.1
View all products in Bug Search Tool Login Required

Known Affected Releases

10.0(1.10000.24) 10.5(1.10000.7) 5.0 5.1 6.0 6.1 7.0 7.1 7.1(5) 8.0 8.5(1) 8.6 8.6(2.10000.30) 9.0(1) 9.1(1) 9.1(2)

Description (partial)

Symptom:

This notice only discusses versions which have not reached "End-of-Software-Maintenace".
The Cisco Unified Communications Manager (UCM) versions 8, 9, and 10 includes a version of Bash that is affected by the vulnerabilities identified by the Common Vulnerability and Exposures (CVE) IDs:

CVE-2014-6271
CVE-2014-7169
CVE-2014-7186
CVE-2014-7187
CVE-2014-6277 
CVE-2014-6278

This bug has been opened to address the potential impact on this product.


Conditions:
Exposure is not configuration dependant.
Authentication is NOT required to exploit this vulnerability
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.