Remote Code Execution Flaw in Cisco Unified Communications Domain Manager
CVE-2018-0124
9.8CRITICAL
Key Information:
- Vendor
Cisco
- Vendor
- CVE Published:
- 22 February 2018
What is CVE-2018-0124?
A security flaw in Cisco Unified Communications Domain Manager could allow an unauthenticated remote attacker to exploit the system by bypassing essential security mechanisms. This vulnerability arises from insecure key generation during the application's configuration process. An attacker can exploit this security weakness by sending specially crafted requests using a known insecure key, gaining elevated privileges and executing arbitrary code within the application. As a result, it poses a significant risk to systems running affected versions of the product prior to 11.5(2). For further information, refer to Cisco’s Security Advisory.
Affected Version(s)
Cisco Unified Communications Domain Manager Cisco Unified Communications Domain Manager