Hello all, I have a client who alerted me to a BToE vulnerability on versions 3.8 and below regarding stored, fixed credentials being used between the phone and the PC client, with the solution being to move to UC software 6.0 and BToE 4.0. This client has a mix of phones compatible with UCS 6.0 and some that aren't like VVX 500s, and also likes to not move to the latest software build. They currently run 5.9.0 with Skype for Business and of course BToE 3.9.
UCS 5.9 and BToE 3.9 are both not mentioned in the vulnerability document, but I opened a case and asked specifically about future updates to address the vulnerability and was told that 5.9/3.9 won't be getting the fixes that address this vulnerability.
I'm aware that this forum is not the place for future feature relase information but I'm hopeful that my support tech, who wasn't aware of the vulnerability until I sent the document over, was simply incorrect and that this vulnerability can be addressed in the legacy builds for clients who aren't wanting to upgrade a stack of otherwise good phones, but who use BToE heavily.
Thanks in advance!
Solved! Go to Solution.
Hello @UCDave ,
The community contains individual sections dealing with the different products we offer Voice, Audio/Video, UC Infrastructure or Others.
Your post or the post you replied to was placed into an incorrect section and has therefore already been moved.
We are working on fixing this in 5.9.x but I am unable to provide a date.