CVE-2018-0124

CVE Database · CVE-2018-0124

CVE-2018-0124

· N/AModified

CVSS v3.1

N/A

EPSS

5.26%

Published

Feb 21, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964.

Weaknesses (CWE)

CWE-320CWE-320

Affected Products (1)

cisco · unified_communications_domain_manager (up to 11.5\(2\))vulnerable

References (6)

http://www.securityfocus.com/bid/103114

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040405

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm

Vendor Advisory

http://www.securityfocus.com/bid/103114

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1040405

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm

KEV Catalog EPSS Scores Vendors All CVEs