
Security Advisory

October 1, 2019

Darrel Bremer, Head of Customer Success, VOSS Solutions

Cisco HCS partners who are still operating CUCDM Classic and CUCDM Evolution are at risk of underlying operating systems and software packages going out of support. As both these CUCDM versions are reaching the end of their respective lifecycles, there is no further planned product development.

The most prominent risk of running software that is built on outdated operating systems, or that makes use of out-of-support third-party software packages, is the inability to respond to security vulnerabilities as they arise. Should a vulnerability be identified on out-of-date CUCDM Classic or CUCDM Evolution platforms, it may not be possible for HCS partners to respond to their customers’ requests to resolve these issues, which will put them at risk of not meeting their customers’ SLAs.

Recent examples of critical security vulnerabilities include:

  • TCP SACK (CVE-2019-11477, CVE-2019-11478, CVE-2019-11479)
  • FragmentSmack (CVE-2018-5391)
  • Meltdown and Spectre (CVE-2017-5754, CVE-2018-3640)

The EOL schedule for third-party software and libraries:

  • Ubuntu 14 EOL – 30 April 2019 (all CUCDM versions)
  • Mongo 3.4 EOL – 31 January 2020 (all CUCDM versions)
  • Python 2.7 EOL – 31 December 2019 (all CUCDM versions)

In addition to the security compliance and vulnerability risks associated with Cisco’s EOL for CUCDM, partners are also at risk of not having support and maintenance coverage for their HCS domain management platforms. Taking this into account, as well as Cisco’s ‘N-2’ version support approach, Cisco HCS partners may already be at risk of not being covered under their existing agreements.

At VOSS, we recommend that all HCS partners convert their CUCDM Classic or CUCDM Evolution platforms to VOSS-4-UC to ensure that their UC domain management platform runs on in-support operating systems, supports third-party software packages, and gives access to a dynamic support service.

VOSS-4-UC provides significant scalability, stability, and performance improvements to support HCS partners’ operational processes, including new customer onboarding projects, customer migration activities, and highly automated and dynamic day-2 operations. We also recommend that existing VOSS-4-UC customers upgrade to the latest software releases to benefit from a host of performance and scalability improvements, as well as the extensive list of new features and integration opportunities.

Although VOSS will always strive to assist HCS partners in an attempt to mitigate security vulnerabilities, when a partner’s platform runs older software, it may not always be technically possible to deliver a security fix within the specified SLAs. We, therefore, urge HCS partners to upgrade CUCDM Evolution platforms to VOSS-4-UC 19.2.1, and migrate any existing CUCDM Classic platform to VOSS-4-UC 19.2.1 as soon as possible.

Should you require any support or assistance regarding your move to VOSS-4-UC, please contact your regional VOSS Account Management Team or contact the VOSS Customer Success Team.

Impacted Versions

For more information, please contact us.