Cisco Unified Contact Center Enterprise cross website Script Vulnerability - CSCux59474

Similar Questions

• ToStaticHTML MS IE String Cross - Site Scripting Vulnerability associated with the processing of alarms

  Hello

  I was wondering if someone else has noted an increase in false positives on the 2 following competitions:

  -Microsoft Internet Explorer toStaticHTML String Cross - Site Scripting Vulnerability related to treatment

  -Microsoft Office Excel Ghost Record analysis of arbitrary Code execution vulnerability

  Obvisouly I see these events because the signature has been introduced recently.

  But I wonder if these alarms I get are authentic (and I have a big problem), or if the signature must be "set" by Cisco to be a little less sensitive?

  Anyone who has experienced something similar or can enlighten?

  Thank you

  SEB.

  Hello Seb,

  As a result of this thread, we have identified a false positive in signature 30419 and corrected the signature. The signature change is currently under review and is likely to do the update of signature which releases next week.

  Please let me know if I can help with anything whatsoever in addition under this thread. If your question has been answered, please mark the thread as such so that it is useful to other users. Also, feel free to note this thread to take account of your experience.

  Thank you

  Blayne Dreier

  Cisco TAC team climbing

  * Please see our Podcasts *.

  TAC security show: http://www.cisco.com/go/tacsecuritypodcast

  TAC IPS Media Series: https://supportforums.cisco.com/community/netpro/security/intrusion-prevention?view=tags&tags=tac_ips_media_series

• DOM-Cross Site Scripting Vulnerability (http-client-side-xss) cased by a SharePoint 2010 file: MS. USER INTERFACE. Pub.Ribbon.js

  Hello

  We have implemented a portal that is connected to the Internet by using SharePoint 2010. We used a vulnerability scanner, called Rapid7 (https://www.rapid7.com).

  He noted that the portal is vulnerable to the based on DOM cross-site-scripting (XSS). The affected file is a SharePoint integrated in the Layouts folder: MS. USER INTERFACE. Pub.Ribbon.js

  The detailed message is as below:

  / _layouts/SP. USER INTERFACE. Pub.Ribbon.js line 94: exit dangerous customer call showUnapprovedXmlHttp.send () with the concatenation of 94:String argLine contaminated with the concatenation of 94:String valueLine controlled by the user with the concatenation of 94:String valueLine controlled by the user with the concatenation of 94:String valueLine of controlled use with the concatenation of 94:String controlled by the user valueLine with 94:Result valueLine controlled by the user of taint where are stored the calling function on ordered valueLine 94 : "document. URL.split... "... Split toLowerCase ' is controlled by the user

  References:

  Source	Reference
  CERT	CA-2000-02
  OWASP-2010	A2
  OWASP-2013	A3
  URL	http://en.Wikipedia.org/wiki/Cross_site_scripting
  URL	http://www.webappsec.org/projects/articles/071105.shtml

  Please advise on how to solve the problem of Security reported.

  Thank you

  Randy

  Hello Randy,

  Thanks for posting your question on the Forum of the Microsoft community.

  The question will be better suited to the audience of it professionals on the MSDN forums.

  I would recommend posting your query in the MSDN Forums.
   
  MSDN forum
  http://social.msdn.Microsoft.com/forums/SharePoint/en-us/home?Forum=sharepointgeneralprevious

  Thank you

• Cisco Unified Video Advantage connect not not Cisco IP Phone

  Hi, I have the following text:

  • CUVA 2.2.2.0 installed on windows 7 x 64.
  • UC560.
  • IP phone 7965.

  The first time I installed the program, everything was ok, didn t try the video feature, but it was connecting and recognize.

  Now I'm with another phone, also a 7965 but CUVA said that it is not connected. He also says: "cisco unified video advantage can't connect to cisco ip phone" and asked him to contact the system administrator.

  It has been a long time (about 3 weeks) because I checked the last time he was working on the previous phone, I'm not sure if it's because I'm on another phone now, but I do not.

  Any ideas?

  When you go to CUVA-> all show the driver see CDP?

  Have you tried to close your wireless adapter or set a higher metric?

  Got a GPO that would restrict CUVA on windows firewall?

• NSContacts - how to get a unified contact-related contacts?

  Hello

  In my address book, I unified contacts for some people:

  -a card with personal data and is shared with my family with iCloud account

  -for the same person, one card is business oriented, with data company, on another account iCloud

  I'm developing a program with xCode, SWIFT.

  I want to get in contact with the commercial aspect, but I am only able to get a touch unified; When I remove it, I delete the two cards.

  How can I access contacts linked by a unified contact? Or how can I get access to only one of the linked contacts?

  I currently use unifiedContactsMatchingPredicate (with the predicateForContactsInGroupWithIdentifier predicate) that retrieves only the contacts unified; I couldn't find another appropriate method!

  Thanks for your help,

  Nicolas

  Hello

  I finally found a (the?) solution with CNContactFetchRequest and its choice of unifyResults,.

  Niclas

• How to disable Adobe cross-site scripting.

  disable Adobe cross-site scripting. I have a vista running on a laptop

  http://forums.Adobe.com/index.jspa

  Try the Forums Adobe above, relating to your question.

  Or Vista programs Forum:

  It's updated operating system Vista, upgraded installation and activate Forum.

  http://social.answers.Microsoft.com/forums/en-us/vistaprograms/threads

  They will help you with your question in Forum Vista programs at the above address.

  See you soon.

  Mick Murphy - Microsoft partner

• Replacement of VG224 in Cisco Unified Call Manager (CUCM)

  Hello

  I'm about to replace some of the access points virtual (VG224) to one of my sites and have a few concerns:

  1. Copy configs of the old to the new VG224 will be sufficient?
  2. What needs to be done on the Cisco Unified Call Manager (CUCM) to complete the replacement VG224?
  3. Should I change the configs in Cisco Unified Call Manager if I change the IP address of the VG224 (VG224 migration to the new voice VLAN)?

  Thank you

  Yahya,

  Hope it goes well...

  V is standing for VOICE, not virtual. Vg224 is gateway224 of voice. The answers for your quastion will be...

  1 - Yes, it is sufficient.

  2 - CUCM administration page > device > gateway > find. Select your gateway, change the mac address (10 digits) of the old appliance with a new one.

  3. with the help of sccp Protocol, CUCM don't care about ip address, it's care only about mac address. If the answer is, NO.

  hope that could help

  Concerning

• Cisco Nexus 1000V Virtual Switch Module investment series in the Cisco Unified Computing System

  Hi all
  I read an article by Cisco entitled "Best practices in Deploying Cisco Nexus 1000V Switches Cisco UCS B and C Series series Cisco UCS Manager servers" http://www.cisco.com/en/US/prod/collateral/switches/ps9441/ps9902/white_paper_c11-558242.html

  A lot of excellent information, but the section that intrigues me, has to do with the implementation of module of the VSM in the UCS. The article lists 4 options in order of preference, but does not provide details or the reasons underlying the recommendations. The options are the following:

  ============================================================================================================================================================
  Option 1: VSM external to the Cisco Unified Computing System on the Cisco Nexus 1010

  In this scenario, the virtual environment management operations is accomplished in a method identical to existing environments not virtualized. With multiple instances on the Nexus 1010 VSM, multiple vCenter data centers can be supported.
  ============================================================================================================================================================

  Option 2: VSM outside the Cisco Unified Computing System on the Cisco Nexus 1000V series MEC

  This model allows to centralize the management of virtual infrastructure, and proved to be very stable...
  ============================================================================================================================================================

  Option 3: VSM Outside the Cisco Unified Computing System on the VMware vSwitch

  This model allows to isolate managed devices, and it migrates to the model of the device of the unit of Services virtual Cisco Nexus 1010. A possible concern here is the management and the operational model of the network between the MSM and VEM devices links.
  ============================================================================================================================================================

  Option 4: VSM Inside the Cisco Unified Computing System on the VMware vSwitch

  This model was also stable in test deployments. A possible concern here is the management and the operational model of the network links between the MSM and VEM devices and switching infrastructure have doubles in your Cisco Unified Computing System.
  ============================================================================================================================================================

  As a beginner for both 100V Nexus and UCS, I hope someone can help me understand the configuration of these options and equally important to provide a more detailed explanation of each of the options and the resoning behind preferences (pro advantages and disadvantages).

  Thank you
  Pradeep

  No, they are different products. vASA will be a virtual version of our ASA device.

  ASA is a complete recommended firewall.

• Cannot reset the user vmail with Cisco Unified CM Administration password

  We use Cisco Unified CM Administration ver 7.1 with Cisco 7945 IP phones. I have a user who came to tell me that they could access is no longer the voicemail, getting PIN disabled. Ichanged the PIN with the Cisco Unified CM Administration that accepts the new pin without problem, but when we try from the phone, it does not work. Any ideas... Thank you Don

  Hi Don,

  For voicemail partners changes/updates, you should choose

  2 cisco Unity Connection Administration.

  Then; Users > Find/list > user associated with selectect > drop-down Edit > change passwords >

  Change voicemail password

  See you soon!

  SoC

  "Spend your life waiting,
  a moment that all do not come.
  Well, don't waste your time waiting.

  -Springsteen

• The request to connect to the Cisco Unified CCX application server has expired.

  Hello community Cisco!

  We currently have some question about the CAD. Several officers receive a timed mistake when they connect in CAD. The scenario is like this:

  1. agent tried to connect and receive an error message:

  "The request to connect to the server to application Cisco Unified CCX timed out. Please make sure your system is online and try again.

  2 agent hit retry and an error message is displayed:

  "Another agent has connected with the same extension. Your agent's office will sign, and then the application closes. »

  3. agent hit the OK and try to connect again, another error message appears:

  "The specified ID is already connected to an extension. You want to disconnect the ID so you can connect? »

  After continuing to try, agent is properly connected. However, the problem is intermittent and occurs on most of the agents. Please see accessories picture for reference.

  In addition, there was once the CUCM GUI is unresponsive to access (intermittent), although the ping on the server is ok.

  The system version and other info:

  * 9.1.1.20000 - 5 CUCM

  * UCCX 9.0.2.11003 - 44

  * LDAP is NOT used to connect to the CAD and the phone.

  Hope you can help me. Thank you!

  -Kenneth

  There was also, once the CUCM GUI is unresponsive to access (intermittent)

  This is the main reason for questions that your agents are faced to the it. If access to CUCM GUI is still slow, then restart the tomcat service using the service utils restart Tomcat Cisco of CLI and check whether or not it solves the problem.

  Preferably, I restart tomcat service on all servers of CM and then check.

  Concerning

  Deepak

• How to use 88XX phones Cisco Unified cm 8.6.2

  I installed the cmterm-88xx-sip.10-2-2-16.cop.sgn file on all Cisco Unified Communications Manager servers in the cluster.

  I restarted the Cisco Tftp service on all Cisco Unified Communications Manager servers in the cluster.

  In the Cisco Unified CM Administration;
  Under the Device menu, select device settings > default device.
  There is no registration for the Cisco IP Phone 8811 models, 8841, 8851 and 8861.

  What should I do to be able to use these new phones on this Cisco Unified CM 8.6.2 system?

  You must install the appropriate device pack. To be honest I don't know which would be best to install. The last pack of the device has support for the 8811. The other models were introduced in an earlier version of the device package. Not sure if they are included in the last.

  http://software.Cisco.com/download/release.html?mdfid=283782839&flowid=4... (2.26145) & relind = AVAILABLE = rellifecycle & reltype = last

• Vulnerable Webhelp for XSS cross site scripting checking. Reason - document.location.href

  Online help, created by the team through a security vulnerability checking now. It was found that integration of webhelp with the application, document.location.href is a vulnerable point according to the XSS cross site scripting. Please your thoughts and all the methods that you have that can contain this situation. Its emergency, please help.

  You can update your copy with the help > update or web page: http://www.adobe.com/downloads/updates/

• This version of Cisco Adaptive Security Appliance Software Version 9.6 (1) 5 is affected by Cisco Adaptive Security Appliance SNMP Remote Code execution vulnerability and Cisco Adaptive Security Appliance CLI Remote Code execution vulnerability of

  This version of Cisco Adaptive Security Appliance Software Version 9.6 (1) 5 is affected by Cisco Adaptive Security Appliance SNMP Remote Code execution vulnerability and Cisco Adaptive Security Appliance CLI Remote Code execution vulnerability of

  Hi vrian_colaba,

  You can take a look at cisco's Advisory here:

  https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...

  Fixed versions

  Cisco ASA Major Release	First version fixed
  7.2	Affected; migrate to 9.1.7(9) or later
  8.0	Affected; migrate to 9.1.7(9) or later
  8.1	Affected; migrate to 9.1.7(9) or later
  8.2	Affected; migrate to 9.1.7(9) or later
  8.3	Affected; migrate to 9.1.7(9) or later
  8.4	Affected; migrate to 9.1.7(9) or later
  8.5	Affected; migrate to 9.1.7(9) or later
  8.6	Affected; migrate to 9.1.7(9) or later
  8.7	Affected; migrate to 9.1.7(9) or later
  9.0	9.0.4 (40)
  9.1	9.1.7(9)
  9.2	9.2.4 (14)
  9.3	9.3.3 (10)
  9.4	9.4.3(8) ETA 26/08/2016
  9.5	9.5 (3) ETA 30/08/2016
  9.6 (DFT)	9.6.1 (11) / 6.0.1(2) FTD
  9.6 (ASA)	9.6.2

  5 9.6 (1) is not part of the fixed versions, this means that is assigned for the SNMP Remote Code execution vulnerability.

  Cisco Adaptive Security Appliance CLI Remote Code vulnerability to run you can also take a look at cisco's Advisory here:

  https://Tools.Cisco.com/Security/Center/content/CiscoSecurityAdvisory/CI...

  Fixed versions

  The following table shows the first software versions that include fixes for this vulnerability (9.6 is not affected)

  Cisco ASA Major Release	First version fixed
  7.2	Affected, migrate to 8.4 (3) or later
  8.0	Affected, migrate to 8.4 (3) or later
  8.1	Affected, migrate to 8.4 (3) or later
  8.2	Affected, migrate to 8.4 (3) or later
  8.3	Affected, migrate to 8.4 (3) or later
  8.4	8.4 (3)
  8.5	Affected, migrate to 9.0 (1) or later version
  8.6	Affected, migrate to 9.0 (1) or later version
  8.7	Affected, migrate to 9.0 (1) or later version
  9.0	9.0 (1)
  9.1	Not affected
  9.2	Not affected
  9.3	Not affected
  9.4	Not affected
  9.5	Not affected
  9.6	Not affected

  Hope this info helps!

  Note If you help!

  -JP-

• Sending an e-mail via the "contact us" on a website does not work and leads to a steady flow of pages 'untitled' goes acroos the screen so I have to restart to stop it

  If I click on "contact us" on a Web site or try clicking on addresses in a website I do not take my e-mail page (windows live), but get a stream of pages 'Untitled' crossing the bar at the top. I'm not usually this close and usually have to restart. Someone knows how to fix this? He always did. I am a user of windows 7.

  This has happened

  Each time Firefox opened

  == He always did

  You can watch the prefs Network.protocol - handler.external.mailto the topic: config page.
  If Network.protocol - handler.external.mailto prefs are user defined (in bold) and then do a right click and reset to the default value.

  You can also try to change the pref Network.protocol - handler.warn - external .mailt to true.
  ---
  To open the topic: config page, type Subject: config in the address bar (address) and press the Enter key, as you type the url of a Web site to open a Web site.
  If you see a warning then you can confirm that you want to access this page.

• Microsoft or microsoft calls people never contact center by telephone to prevent imminent accidents to their system?

  I was recently contacted by someone who claims to be from microsoft call center informing me that my computer had downloaded a malicious file and was asked to press the windows key and type remove in the Run dialog box and he would show me what file was infected and how to remove and or difficulty it was it a legitimate call?

  N ° Microsoft will never call you.