This month’s newsletter features an important security notice relevant for VQCM users, and the team’s upcoming travel plans.
Following the release of VQ Conference Manager 4.4, we’ve published a new series of guides on the functionality we’ve added to Device Management and Automation (DMA).
Read on for:
- VQCM 4.4 video guides
- CVE notice for users
- Upcoming travel plans
- CCW training update
We’ve refreshed our library of customer insights – read the updated case studies.
Latest from VQ Conference Manager

VQCM 4.4 video guides
Last month, we released the latest version of VQ Conference Manager, 4.4.
VQ’s Barry Pascolutti has published several guides which cover the functionality added in this release, which include:
The first of these videos covers a new feature for DMA – Firmware Management. This enables users to upgrade Cisco Collaboration devices using RoomOS firmware images downloaded from Cisco Software Central.
CVE notice
We have been made aware of a moderate-severity CVE that impacts IdentityServer, which is used as part of the VQCM login and authentication, in all VQCM versions from 3.12.1 to 4.3.1. The 4.4.0 release contains an updated version of IdentityServer and so is not impacted by this CVE.
The CVE impacts specific calls to IdentityServer that can (incorrectly) cause a URL to be trusted and marked as safe for redirects. It is important to note that “by itself, this vulnerability does not allow an attacker to obtain user credentials, authorisation codes, access tokens, refresh tokens, or identity tokens” (https://blog.duendesoftware.com/posts/20240731_security_patch/).
The most likely form of exploitation will be as part of a phishing attack.
As with any CVE, customers with externally exposed systems are more at risk, especially as their login pages will be externally accessible, making it easier for malicious actors to craft viable malicious links and pages that imitate their VQCM login pages.
We advise all customers, especially those with externally exposed login pages, to upgrade to the latest 4.4.0 release as soon as possible. If upgrading your system is not feasible, please contact VQ Support (support@vqcomms.com) to discuss your use case and potential risk profile.
What’s new at VQ?

Upcoming travel plans
This week, the VQ Team showcased the latest VQCM, DMA and Metro upgrades at Cisco GSX.
Thank you to everyone in the Cisco ecosystem for visiting us at our stand and making this another memorable trip to Las Vegas for VQ.
Over the next few months, you can meet the team at:
- WebexOne – the team will be attending WebexOne from 21 – 24 October in Miami, Florida. Stay tuned for more details.
- DoDIIS Worldwide – for our partners and customers in the DoD space, VQ will be attending this conference in Omaha, Nebraska, from 27 – 30 October. Contact Giles Adams (gadams@vqcomms.com) if you’re interested in meeting.
CCW training update
VQ has changed the process for purchasing VQCM Training.
Previously, we sold attendance to the courses on a per-course, per-person basis. This is changing to a per-person, per-day voucher system.
Advantages for you, the partner, and for the customer:
- There is no need to select how many people will attend which course at the time of purchase.
- Often, the purchasing and operational groups are different. Per-day vouchers enable customer operational teams to consume the training according to their business needs.
- If VQ adds additional training courses to the syllabus, unused training vouchers can be used for new content.
Information on the training courses can be found here.
Please contact the sales team (sales@vqcomms.com) should you have any questions or wish to discuss our training offerings.