Avaya Experience Platform™ (AXP) - Apache ActiveMQ Vulnerability
Avaya is closely monitoring an Apache ActiveMQ vulnerability tracked as CVE-2023-46604, released on October 27.
SecOps for Avaya Experience Platform™ (AXP) & Avaya Enterprise Cloud™ (AEC) have actively worked and are working to assess any impacts to the solution.
We have already taken needed in-situ measures to ensure our customers are protected, and we will continue to actively monitor the security vulnerability as it develops.
Avaya customers can expect further Security Advisory notices as we continue to respond to this changing and challenging situation. We encourage you to check back here for more updates.
Further details on CVE-2023-46604 can be found at NIST
Update for CPaaS Voice customers: This maintenance notice does not apply to Avaya Experience Platform users or BYOC users.
We are extending the deadline from Nov 10 to Nov 30, 2023 to allow additional time for CPaaS Voice customers to update their firewall configuration.
We appreciate your cooperation. If you have any questions regarding this, please don't hesitate to contact our support team using Avaya OneCare portal.
Dear Voice Customer,
We are informing you of an important update regarding your voice services that require action by November 10, 2023 to ensure uninterrupted service.
Our carrier partner is introducing a new range of network subnet that will be used for handling RTP packets (media). The new subnet is 50.114.146.0/24
After November 10, 2023, the full list of Media subnets will be:
Action Required:
If you are using a firewall for handling RTP packets (media), kindly allow the new subnet to the firewall's configuration. Please complete this update before November 10, 2023 to ensure uninterrupted service and media quality. We appreciate your cooperation.
If you have any questions regarding this, please don't hesitate to contact our support team using Avaya OneCare portal.
Thanks
CPaaS team @ AVAYA