—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Cisco Security Advisory: Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20180221-ucdm

Revision: 1.0

For Public Release: 2018 February 21 16:00 GMT

Last Updated: 2018 February 21 16:00 GMT

CVE ID(s): CVE-2018-0124

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+———————————————————————

Summary
=======
A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code.

The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code.

Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm [“https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm”]

—–BEGIN PGP SIGNATURE—–

iQJ5BAEBAgBjBQJajZllXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50
IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly
dEBjaXNjby5jb20+AAoJEJa12PPJBfcznTgP/RCXHuU9y6+1YqN5nAQN7Xs9OicE
/mvSnOn6wMH6N4Qoc4LeQFy5vFV6ZHWWvUUsoyRgxnu6NInUGdOjw2m3jqoKeArV
0tIWFquH+zUgq4K4KlKcBsw6JLDiV/Xb7miBF9wQwDyeySzfnt1aU+1k9Zupj9/1
lnGysPMe6EE35ikKRrJ53SoIOCzhFY2H9Svb7z1N3OKlK+yIT3gab7AIxgb9p6gm
CkuawuDtR5rRqv9VFXyVt4dmS+oD0RvrnWLwL7CoB2wPqb6fkc7cbTErBla/rLKp
X6Xdle9bPX/6Wr6uxAl9hTGT+tyPA203LcK1asRdPGHx/eLGyPnqsi/o5xyqb0jW
FLbuju/QNPYWTBaqqf+tLQ4MwFpdV5QR3aFgo7VUVm0rYeCcWdjBNwCNY3aomojy
65rSjcnH5ubs7i8BdJtsRC4W3TAyZT3OYXM6rNqHe1aMWinLtI0IiPV/yD5OxXTu
GX6TzLBn6QiotgTriSgvpcnH4bRRb+lu55I9qd5f3XUn2bBdcW9Y6RRLhvRTrYrR
K8lvI34AkSmuVMQn/X7zxBvm2JFamBLvoTu36q9QUToSBdUdF2llAUHXMzJwYNPb
AFQOWmbW8XZGK+adEacECRzd0dpsQtOuvjuspIs4aZpnqChspNB0eENWevpS0xo+
IKzTdKHZjRuZHxkE
=gnxb
—–END PGP SIGNATURE—–

_______________________________________________
cust-security-announce mailing list
cust-security-announce@cisco.com
To unsubscribe, send the command “unsubscribe” in the subject of your message to cust-security-announce-leave@cisco.com