CVE-2018-0124

CWE-320 | 4 documents | 4 sources
Severity: 9.8 CRITICAL
EPSS: 1.1% (top 22.00%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Feb 22
Latest update: May 13

Description

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow th…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

CVEListV5 | cisco_unified_communications_domain_manager | Cisco Unified Communications Domain Manager

Vulnerability Details (2)

GHSA
GHSA-8wjv-jcjm-9fj9: A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain el | 2022-05-13
CVEList
CVE-2018-0124: A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain el | 2018-02-22

Vendor Advisories (1)

Cisco
Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability | 2018-02-22
CVE-2018-0124 (CRITICAL CVSS 9.8) | A vulnerability in Cisco Unified Co | cvebase.io