Method of Procedure

Customer:
Change Request:

TABLE OF CONTENTS

Table of Contents.................................................................................................................... 1

Revision History...................................................................................................................... 1

ATSG MOP V1.0 1

Change details........................................................................................................................ 2

Affected devices...................................................................................................................... 2

Associated devices.................................................................................................................. 2

Contacts.................................................................................................................................. 2

Supplemental information....................................................................................................... 3

Terminal Servers.................................................................................................................. 3

Vendor Documentation........................................................................................................ 3

Purpose................................................................................................................................... 3

Description........................................................................................................................... 3

Reason for change............................................................................................................... 3

Technical impact/Risk............................................................................................................. 3

Requirements.......................................................................................................................... 3

Preliminary steps.................................................................................................................... 4

Pre-change output collection................................................................................................... 4

Implementation plan............................................................................................................... 4

Implementation.................................................................................................................... 4

Verification........................................................................................................................... 4

Backout Plan........................................................................................................................... 5

Backout Implementation...................................................................................................... 5

Backout Verification............................................................................................................. 5

post-change output collection................................................................................................. 5

Final Steps.............................................................................................................................. 5

REVISION HISTORY
Revisi Tea
Date Engineer Notes
on m

ATSG MOP V1.0 2

CHANGE DETAILS
Information Details
ATSG Ticket #
Customer Ticket #
Vendor Ticket #
Estimated Duration of
00 hrs and 00 mins
Pre-Checks
Estimated Change
00 hrs and 00 mins
Duration

AFFECTED DEVICES

The following list contains devices that will be modified:

Device Name IP Address Device Type/Function

ASSOCIATED DEVICES

The following list contains devices that will NOT be modified but may be indirectly impacted.

Device Name IP Address Device Type/Function

CONTACTS

The following list contains all individuals involved with the change (including vendors):

Organiza Primary
Name Role Email Address Phone Number
tion Contact

SUPPLEMENTAL INFORMATION

TERMINAL SERVERS

ATSG MOP V1.0 3

 CLI access is available through the SIML DMA
 GUI access can be gained through one of the ICM OAMP server

VENDOR DOCUMENTATION

CVE-2024-20253
 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-
cucm-rce-bWNzQcUm
CVE-2024-20272
 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-
cuc-unauth-afu-FROYsCsD
Enable Sha512
 https://www.cisco.com/web/software/282204704/18582/ciscocm.enable-sha512sum-
2021-signing-key-v1.0.cop.sgn-COP-Readme-v3.pdf
Install, Upgrade, and Maintenance Guide for Cisco Unity Connection Release 12.x
 https://www.cisco.com/c/en/us/td/docs/voice_ip_comm/connection/12x/install_upgrade/
guide/b_12xcuciumg/b_12xcuciumg_chapter_010.html
Readme 12.5.1Su8a
 www.cisco.com/web/software/286319533/165889/b_1251su8acucrn_v1.pdf

PURPOSE

DESCRIPTION

REASON FOR CHANGE

 The change is being completed to alleviate any possible chance that the system is
intruded.

TECHNICAL IMPACT/RISK

The impact of the change is low as the change is to install cop files. The tomcat service will
restart as a part of the change for the bug cop files. And those will need to be installed via
CLI.

REQUIREMENTS
Function Required Details (if function required)
Onsite support ☐

Vendor or TAC ☐

Hardware RMA ☐

Customer/User/App ☐
Testing
Video/Audio ☐

ATSG MOP V1.0 4

 Conference Bridge
Customer contact ☐
required before
change
Additional ☐
Requirement

PRELIMINARY STEPS
 Review all steps in the implementation plan before proceeding
 If applicable, create outage for associated device(s) to suppress alarms
 If required, join bridge
 Update case with details from the above steps taken and change case status to “Work in
progress”.
 Notify all listed in the Contact(s) section via email, please follow the format specified in
the Change Management documentation.

PRE-CHANGE OUTPUT COLLECTION

 Take the necessary backups/screenshots of the current configurations that will be
modified and any informative “show” commands. Please reference, MOP Workflow for
more details.
 Filename should utilize a similar format to the below:
[devicename]_[pre,post]-change_[date].log
Date format: yyyy.mm.dd
Example: Router001_pre-change_2014.12.3.log

Cisco CUC - Pre-Change Output Collection:

The devices have been listed under “Affected Devices” on previous steps.
The actual commands and details are found in: https://tacconnect > Home > Homepage >
Health Checks
Perform a Pre-change Health Check from each node as follows: (Gather, Review and
Document)

//Necessary COP files have been staged on the DMA and can be accessed using the Walled
Directory SFTP protocol.

IMPLEMENTATION PLAN

IMPLEMENTATION – INSTALL COP FILE TO ENABLE SHA512

1. NOTE: this step is in preparation for upgrade
2. Beginning with the Unity Connection publisher
3. Enter the OS administrator username and password
4. Enter utils system upgrade initiate
a. For Source = 1) Remote Filesystem via SFTP
b. Directory = /files/
c. Username = transfersftp

ATSG MOP V1.0 5

 d. Password = <use password generated by SIML>
5. Select the number shown for the file we need ciscocm.enable-sha512sum-2021-signing-
key-v1.0.cop.sgn
6. This will download and check the file
7. Verify the checksum - 5bb9ed40b41b4fb511034f2bc2829e3d
8. Select next to proceed with the upgrade
9. Once completed verify with show version active command.
10. Repeat these steps for the Unity Connection subscriber node.

IMPLEMENTATION – UPGRADE UNITY CONNECTION CLUSTER CVE-2024-

20253
11. NOTE: Upgrade from 12.0.1 to 12.5.1 is direct upgrade
12. Beginning with the Unity Connection publisher
13. Enter the OS administrator username and password
14. Enter utils system upgrade initiate
a. For Source = 1) Remote Filesystem via SFTP
b. Directory = /files/
c. Username = transfersftp
d. Password = <use password generated by SIML>
15. Select the number shown for the file we need UCSInstall_CUC_12.5.1.18901-2.sha512.iso
16. This will download and check the file
17. Verify the checksum - e0f90800f181b045ef7f4cc92cc6806b
18. Select next to proceed with the upgrade
19. Once completed verify with show version active command.
a. Verify that the proper version is shown in the inactive partition.
20. Repeat these steps for the Unity Connection subscriber node.
21. After both servers have completed the upload of the software proceed with
switchversion on the publisher node first.
22. After publisher is completed and the services have all started proceed with switch
version on the subscriber.
23. Confirm the Unity connection remains in a normal state with the pub as primary and sub
as secondary after completion of the upgrade.

IMPLEMENTATION – INSTALL COP FILE ON UNITY CLUSTER CVE-2024-20272

24. NOTE: the cop file used in this step should be ciscocm.cuc.CSCwh14380_C0208-
1.cop.sha512.
25. Beginning with the Unity Connection publisher.
26. Open the CLI for the Unity Connection.
27. Run the follow command
a. utils system upgrade initiate
28. For the Source, choose Remote File System via SFTP (or FTP).
Server: 10.47.202.156
User Name: transfersftp
Password: <use password generated by SIML>
29. : Select "ciscocm.cuc.CSCwh14380_C0208-1.cop.sha512" and hit Enter.
30. This will download and check the file
31. Verify the checksum - 1c9bf9ebede9dd4325877117666ad11f
32. Select next to proceed with the upgrade
33. When the installation completes, Verify the COP file version using this command from
the CLI
a. show version active

ATSG MOP V1.0 6

34. If at any point during implementation there are unexpected results that may cause
impact to production:
a. Spot check the appliance to assist in determining the impact
b. Take steps noted in the Unsuccessful Implementation section under Final Steps
c. Call the customer listed in the Contact(s) section
d. Do your best to remediate the issue

VERIFICATION
1. Verification steps for the COP files are included in the implementation with showing the
software and version
2. If verification fails:
a. Do your best to remediate the issue
b. If unable to remediate, jump to the “Back-out Plan” section
3. If verification succeeds, jump to the “Post Output Collection” section

BACKOUT PLAN

BACKOUT IMPLEMENTATION

1. The cop file downloads included a “revert” option of each cop file. If backout is required
for any reason, the exact same steps can be followed from above but with substituting
the “revert” version of each cop file.

BACKOUT VERIFICATION

POST-CHANGE OUTPUT COLLECTION

 Take the necessary backups/screenshots of the current configurations and any
informative “show” commands that were run in the “Pre-change Output Collection”
section. Verify for any differences between the pre and post output.
 Filename should utilize a similar format to pre-change filenames

FINAL STEPS
 Ensure that all debugs and elevated traces are disabled unless explicitly stated
otherwise
 Please refer to the Operations documentation, Change Management, and complete all
steps to finalize the change and to communicate effectively on the change
status/completion.

ATSG MOP V1.0 7