
====================================================================

                             CERT-Renater

                 Information Note No. 2018/VULN067
_____________________________________________________________________

DATE                : 22/02/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Cisco Unified Communications
                                  Domain Manager.

=====================================================================
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm
_____________________________________________________________________

Cisco Security Advisory: Cisco Unified Communications Domain Manager
Remote Code Execution Vulnerability

Advisory ID: cisco-sa-20180221-ucdm

Revision: 1.0

For Public Release: 2018 February 21 16:00 GMT

Last Updated: 2018 February 21 16:00 GMT

CVE ID(s): CVE-2018-0124

CVSS Score v(3): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

+---------------------------------------------------------------------

Summary
=======
A vulnerability in Cisco Unified Communications Domain Manager could
allow an unauthenticated, remote attacker to bypass security
protections, gain elevated privileges, and execute arbitrary code.

The vulnerability is due to insecure key generation during application
configuration. An attacker could exploit this vulnerability by sending
arbitrary requests that use a known insecure key value to a targeted
application, thereby bypassing security protections. An exploit could
allow the attacker to execute arbitrary code.

Cisco has released software updates that address this vulnerability.
There are no workarounds that address this vulnerability.

This advisory is available at the following link:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm


==========================================================
+ CERT-RENATER          | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel    | fax : 01-53-94-20-41           +
+ 75013 Paris           | email: cert@support.renater.fr +
==========================================================



