A high severity vulnerability found in the curl library (libcurl) and curl command tool. DX UIM uses libcurl (but not curl tool) in the monitoring probes listed below:

• emailgtw using libcurl 7.82.0
• url_response using libcurl 7.82.0
• cisco_ucm using libcurl 7.87.0

DX UIM Server with the following probes

• emailgtw 
• url_response 
• cisco_ucm

https://curl.se/docs/CVE-2023-38545.html

Based on the initial review on the usage of the libcurl, the mentioned list of probes are not using SOCKS5 proxy for connecting to remote hosts. While the listed probes are vulnerable, they are not exploitable since SOCKS5 proxy is not enabled on these probes.

As a next step, these probes will be updated with the latest recommended version of curl library libcurl 8.4.0.

1. The following three probes using libcurl are not impacted by these vulnerabilities as per the affected version (libcurl 7.69.0 to and including 8.3.)

• email_response using libcurl 7.21.6
• apache using libcurl 7.21.6
• iis using libcurl 7.61.1

    2. This KB will be updated on a continuous basis as the situation evolves. There is NO Impact on Probes installed along with the DX UIM Server and Operator console of UIM 20.3.x and 20.4.x versions.