Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

The only baremetal versions of those products that would require a patch are the ones that ran on Windows. Since we moved to linux root has been locked down and you can’t run custom code on the box, which is a requirement for exploitation of this vulnerability. -Ryan On Jan 9, 2018, at 9:58 PM

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

OK. Thanks. This helps. --- Lelio Fulgenzi, B.A. | Senior Analyst Computing and Communications Services | University of Guelph Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1 519-824-4120 Ext. 56354 | le...@uoguelph.ca www.uoguelph.ca/ccs<

[cisco-voip] High Availability for 3rd Party Spectra Link phones

Hi Team We have clustered CUCM for geographically dispersed Distribution Center and retails. We have deployed Spectra link Phones to those distribution centers. We run into some issues and our servers which Spectra link registered to went down for days and customers at DC was not able to use S

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

OK – Just so I’m clear why the baremetal UCOS version isn’t vulnerable… Is it because this is a “local attack” ? And needs someone to login to the shell? https://tools.cisco.com/security/center/viewAlert.x?alertId=56354 : CPU hardware contains multiple vulnerabilities that could allow a local

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

So long as those administrators never used a web browser when they logged in, since you can exploit Meltdown with JavaScript. -- James Andrewartha Network & Projects Engineer Christ Church Grammar School Claremont, Western Australia Ph. (08) 9442 1757 Mob. 0424 160 877 From: cisco-voip on behal

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

Proper access control is always important and will theoretically mitigate many an issue. I believe your answer would be nearly accurate except that Windows allows customized code to run without administrative access. You can run a batch file, a powershell script, etc. which could enable vulnerab

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

But that would mean my administrator is trying to exploit the system, wouldn’t it? Or are we saying that an administrator with access to the browser would click on a malicious link that would run that code? --- Lelio Fulgenzi, B.A. | Senior Analyst Computing and Communications Services | Univer

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

OK. Thanks. To be clear, by “administrators” I meant : a limited number of trusted users meant to access the machine, not necessarily those with administrator privileges. This is helping me build my plan. Thanks so much everyone. I’m also reading the advisories over and over again to try to ma

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

Correct, malicious code in the web browser would be the exploit. Ben Amick Unified Communications Analyst From: cisco-voip [mailto:cisco-voip-boun...@puck.nether.net] On Behalf Of Lelio Fulgenzi Sent: Wednesday, January 10, 2018 10:59 AM To: James Andrewartha ; Ryan Ratliff (rratliff) Cc: voip

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

From what I’ve read from VMWares releases, it’s essentially two separate issues. A vulnerable system can leak data between processes on that system. A vulnerable system hosted on a vulnerable hypervisor can leak data between processes on that system, and because of the shared processors, can als

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

Ok. one last question (for now) Why BIOS updates for C Series servers? What do those updates address? The CIMC application? Or more? --- Lelio Fulgenzi, B.A. | Senior Analyst Computing and Communications Services | University of Guelph Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E

Re: [cisco-voip] Spectre and Meltdown remediation as relevant to Cisco systems

Hi Lelio, On 11/01/18 01:10, Lelio Fulgenzi wrote: > Ok. one last question (for now) >   > Why BIOS updates for C Series servers? >   > What do those updates address? >   > The CIMC application? Or more? I believe (but haven't done heaps of research) is that the BIOS updates contain microcode (fi

[cisco-voip] Prime UC Provisioning Reviewa

Hullo, We are evaluating Prime provisioning amongst a few other third parties. I was wondering if anyone has any first hand experience with it or other alternatives? We primarily want to automate provisioning and deprovisioning via service now but are also looking at assurance and ana

[cisco-voip] QM Call recording, getting 503 on inbound call recording call

So, Built in bridge is enabled, sip trunk to Calabrio is set up... but when the call hits QM, we get a 503 Service Unavailable... Not seeing a lot of documentation on what would cause this... Any pointers to a direction? Jonathan ___ cisco-voip mailin