BugZero | Cisco BugID CSCvz34524 - LTI XCODER is invoked during inbound calls which a...

Cisco - Defect ID: CSCvz34524

LTI XCODER is invoked during inbound calls which are put on network hold by Call Manager

Cisco - Defect ID: CSCvz34524

LTI XCODER is invoked during inbound calls which are put on network hold by Call Manager

Last updated on 5/11/2025

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 5.15.1

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 6.16.1

Severity: 6.46.4

Lifecycle: 9.19.1

Popularity: 5.15.1

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptom

When connecting the MOH we could see DTMF mismatch on the CUBE which made the CUBE to allocate Transcoder (LTI). Generally, the MOH do not have any DTMF method (which is expected) and the Agent leg supports RFC2833, this has resulted in XCODER allocation.

Conditions

Ack comes from CUCM when the call is placed on hold comes with no DTMF capabilities which creates a DTMF mismatch. ITSP negotiated RFC2833 and now inside leg changed from RFC2833 to RAW media.

Workaround

1.Invoke MTP on CUCM SIP trunk 2. LUA script on CUCM to add below parameters: a=rtpmap:101 telephone-event/8000 a=fmtp:101 0-15 (m=audio.*)" "\1 101" ***LUA SCRIPT**** M = {} trace.enable() function M.outbound_ACK(msg) trace.format("---- Ready to get SDP") local sdp = msg:getSdp() if sdp then trace.format("---- sdp found") local moh_line = sdp:getLine("a=", "X-cisco-media:umoh") if moh_line then trace.format("---- MoH line found") local audio_line = sdp:getLine("m=", "audio") if audio_line then trace.format("---- audio line found , length is %d", string.len(audio_line) ) local audio_modified = (string.sub(audio_line, 1, (string.len(audio_line)-2))) .. " 101\r\n" -- extracts string from 1st character to Length-2 characters. Last two characters are \r\n which we ignoring while extracting the string. trace.format("---- new audio line %s", audio_modified) sdp = sdp:modifyLine("m=", "audio", audio_modified) sdp = sdp:addLine("a=rtpmap:101 telephone-event/8000\r\n") sdp = sdp:addLine("a=fmtp:101 0-15") msg:setSdp(sdp) end end end end return M

Further Problem Description

This behavior is from 16.12.5 onwards this has to reworked as with moh we shouldn’t invoke dsp PSIRT Evaluation: The Cisco PSIRT has evaluated this issue and determined it does not meet the criteria for PSIRT ownership or involvement. This issue will be addressed via normal resolution channels. If you believe that there is new information that would cause a change in the severity of this issue, please contact psirt@cisco.com for another evaluation. Additional information on Cisco's security vulnerability policy can be found at the following URL: http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html

Original Vendor Announcement

9.65Defect ID: CSCwd45843
Auth Step latency for policy evaluation due to Garbage Collection activity.
9.65Defect ID: CSCwa92734
CUBE DTMF interworking fails from rtp-nte to OOB SIP methods
9.65Defect ID: CSCwj45822
Cisco ASA and FTD Software Remote Access VPN Brute Force Denial of Service Vulnerability
9.65Defect ID: CSCvo03458
PKI "revocation check crl none" does not fallback if CRL not reachable
9.65Defect ID: CSCvq05584
Cisco IOS and IOS XE Software Tcl Arbitrary Code Execution Vulnerability

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

Cisco - Defect ID: CSCvz34524

LTI XCODER is invoked during inbound calls which are put on network hold by Call Manager

Cisco - Defect ID: CSCvz34524

LTI XCODER is invoked during inbound calls which are put on network hold by Call Manager

Last updated on 5/11/2025

Vendor details

Vendor details

Description

Symptom

Conditions

Workaround

Further Problem Description

Links

Top Cisco defects by risk score

Ready to prevent the next vendor outage?