Vulnerabilities > CVE-2018-0124 - Key Management Errors vulnerability in Cisco Unified Communications Domain Manager

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

cisco

CWE-320

critical

NVD

Published: 2018-02-22

Updated: 2019-10-09

Summary

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Unified Communications Domain Manager - Cisco Unified Communications Domain Manager 4.4.1 Cisco Unified Communications Domain Manager 4.4.2 Cisco Unified Communications Domain Manager 4.4.3 Cisco Unified Communications Domain Manager 4.4.4 Cisco Unified Communications Domain Manager 7.4 Cisco Unified Communications Domain Manager 8.0 Cisco Unified Communications Domain Manager 8.0.1 Cisco Unified Communications Domain Manager 8.0.2 Cisco Unified Communications Domain Manager 8.1 Cisco Unified Communications Domain Manager 8.1\(.1\) Cisco Unified Communications Domain Manager 8.1\(.2\) Cisco Unified Communications Domain Manager 8.1\(.3\) Cisco Unified Communications Domain Manager 8.1\(.4\) Cisco Unified Communications Domain Manager 8.1\(4\)Er1 Cisco Unified Communications Domain Manager 8.1\(7\)Er1 Cisco Unified Communications Domain Manager 8.1.4Er1 Cisco Unified Communications Domain Manager 8.6 Cisco Unified Communications Domain Manager 8.6\(.2\) Cisco Unified Communications Domain Manager 9.0 Cisco Unified Communications Domain Manager 9.0\(.1\) Cisco Unified Communications Domain Manager 10.0 Cisco Unified Communications Domain Manager 10.5\(1.98991.13\) Cisco Unified Communications Domain Manager 10.5\(2.10000.5\) Cisco Unified Communications Domain Manager 10.6.1 Cisco Unified Communications Domain Manager 10.6_Base Cisco Unified Communications Domain Manager 11.0\(1.10000.10\) Cisco Unified Communications Domain Manager 11.5\(1\) Cisco Unified Communications Domain Manager 11.5\(1.10000.6\)	29

Common Weakness Enumeration (CWE)

CWE-320 - Key Management Errors

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References