The following Cisco Unified Communications Manager versions are
Cisco Unified CallManager 4.1 versions prior to 4.1.3SR8
Cisco Unified CallManager 4.2 versions prior to 4.2(3)SR4b
Cisco Unified CallManager 4.3 versions prior to 4.3(2)SR1a
Cisco Unified Communications Manager 5.x versions prior to
Cisco Unified Communications Manager 6.x versions prior to
Administrators of systems running Cisco Unified CallManager version 4.x
can determine the software version by navigating to Help > About
Cisco Unified CallManager and selecting the Details
button via the Cisco Unified Communications Manager Administration
Administrators of systems that are running Cisco Unified Communications
Manager versions 5.x and 6.x can determine the software version by viewing the
main page of the Cisco Unified Communications Manager Administration interface.
The software version can also be determined by running the command
show version active via the command line
In Cisco Unified CallManager version 4.x, the use of SIP as a call
signaling protocol is not enabled by default, and for the
Cisco Unified CallManager server to start listening for SIP messages on TCP and
UDP ports 5060 and 5061 a SIP trunk needs to be configured.
In Cisco Unified Communications Manager versions 5.x and later, the use
of SIP as a call signaling protocol is enabled by default in Cisco Unified
Communications Manager and cannot be disabled.
Cisco IOS software is also affected by these vulnerabilities, although
they are tracked by different Cisco bug IDs. A companion security advisory for
Cisco IOS software is available at
With the exception of Cisco IOS software, no other Cisco products are
currently known to be vulnerable to the issues described in this
Cisco Unified Communications Manager version 7.x is not affected by
Cisco Unified CallManager version 4.x is not affected by these
vulnerabilities if it does not have any SIP trunks configured.