1. Home
  2. CVE Database
  3. CVE-2018-0124
CRITICAL · 9.8

CVE-2018-0124

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The...

Vulnerability Description

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Affected Products

VendorProductVersions
CiscoUnified Communications Domain Manager< 11.5\(2\)

Related Weaknesses (CWE)

CWE-320

References

FAQ

What is CVE-2018-0124?

CVE-2018-0124 is a vulnerability with a CVSS score of 9.8 (CRITICAL). A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The...

How severe is CVE-2018-0124?

CVE-2018-0124 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2018-0124?

Check the references section above for vendor advisories and patch information. Affected products include: Cisco Unified Communications Domain Manager.