Published: 22/02/2018 Updated: 09/10/2019

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote malicious user to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the malicious user to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases before 11.5(2). Cisco Bug IDs: CSCuv67964.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unified communications domain manager

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code The vulnerability is due to insecure key generation during application configuration An attacker could exploit this vulnerability by using a known inse ...

Telegram bot that allows to query cisco ios vulnerability publications through OpenVuln API.

bot-cisco-vulnerability Telegram bot that allows to query cisco ios vulnerability publications through OpenVuln API Content Getting started Start bot Build Run Ansible Module Cisco OpenVuln API References Getting started Dir structure of repo ~/bot-cisco-vulnerability(develop)$ tree -d ├── doc └── src ├── ansible |── config └── s

Register you api at Cisco’s developer portal using the below link apiconsoleciscocom/apps/myapps Now click on register an new app and select the following options and PSRIT in the API section You will now be able to see the API key under your My Apps & Keys Now we will use curl command below to get the access token that will be required to query o

CWE-320 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm http://www.securitytracker.com/id/1040405 http://www.securityfocus.com/bid/103114 https://nvd.nist.gov https://github.com/joagonzalez/bot-cisco-vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm

CVE-2018-0124

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect