All Cisco products and applications that are using Microsoft IIS are
To determine if a product is vulnerable, review the list below. If the
software versions or configuration information are provided, then only those
combinations are vulnerable.
Cisco CallManager 3.0, 3.1, 3.2
Cisco ICS 7750
Cisco Building Broadband Service Manager 4.x, 5.x
Cisco uOne Enterprise Edition
Cisco Network Registrar (CNR)
Cisco Intelligent Contact Manager (ICM)
The following Cisco products may be installed on various web servers
and are vulnerable if installed on a Microsoft IIS server:
Cisco Collaboration Server (CCS)
Cisco Dynamic Content Adapter (DCA)
Cisco Media Blender (CMB)
TrailHead (Part of the Web Gateway solution)
Various Cisco Network Management products may be installed on Microsoft
platforms that may be running a vulnerable version of IIS. Much older versions
of CiscoWorks 2000 RWAN/CWSI Campus v2.x and Cisco Voice Manager v1.x are
directly vulnerable because IIS was required as a part of the installation.
Such systems might be offering HTTP services on default ports. These specific
software packages are no longer supported, but are included in this notice to
alert customers who might still be using them.
No other Cisco products are currently known to be affected by these