Details of VAR-201802-0593

ID

VAR-201802-0593

CVE

CVE-2018-0124

TITLE

Cisco Unified Communications Domain Manager Vulnerabilities related to key management errors

Trust: 0.8

sources: JVNDB: JVNDB-2018-002414

DESCRIPTION

A vulnerability in Cisco Unified Communications Domain Manager could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application. An exploit could allow the attacker to execute arbitrary code. This vulnerability affects Cisco Unified Communications Domain Manager releases prior to 11.5(2). Cisco Bug IDs: CSCuv67964. Vendors have confirmed this vulnerability Bug ID CSCuv67964 It is released as.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Failed exploit attempts will result in a denial-of-service condition. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 2.07

sources: NVD: CVE-2018-0124 // JVNDB: JVNDB-2018-002414 // BID: 103114 // VULHUB: VHN-118326 // VULMON: CVE-2018-0124

AFFECTED PRODUCTS

vendor:	cisco	model:	unified communications domain manager	scope:	lt	version:	11.5\(2\)	Trust: 1.0
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.6	Trust: 0.9
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	10.6.1	Trust: 0.9
vendor:	cisco	model:	unified communications domain manager	scope:	lt	version:	11.5(2)	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	9.0	Trust: 0.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	10.5\(1.98991.13\)	Trust: 0.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.6\(.2\)	Trust: 0.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	10.6_base	Trust: 0.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	-	Trust: 0.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	10.0	Trust: 0.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1.4er1	Trust: 0.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	9.0\(.1\)	Trust: 0.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	10.1.2	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1.4	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	6.8.8	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	4.4.3	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	4.4.2	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1(1)	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1(.4)	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1(.3)	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1(.2)	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1(.1)	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.1	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	8.0	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	7.4	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	4.4.1	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	10.6(1)	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	10.1	Trust: 0.3
vendor:	cisco	model:	hosted collaboration solution	scope:	eq	version:	10.6(2)	Trust: 0.3
vendor:	cisco	model:	unified communications domain manager	scope:	ne	version:	11.5(2)	Trust: 0.3

sources: BID: 103114 // JVNDB: JVNDB-2018-002414 // CNNVD: CNNVD-201802-441 // NVD: CVE-2018-0124

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0124
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2018-0124
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201802-441
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-118326
value:	HIGH
Trust: 0.1
VULMON:	CVE-2018-0124
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2018-0124
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-118326
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0124
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118326 // VULMON: CVE-2018-0124 // JVNDB: JVNDB-2018-002414 // CNNVD: CNNVD-201802-441 // NVD: CVE-2018-0124

PROBLEMTYPE DATA

problemtype:

CWE-320

Trust: 1.9

sources: VULHUB: VHN-118326 // JVNDB: JVNDB-2018-002414 // NVD: CVE-2018-0124

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-441

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201802-441

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002414

PATCH

title:	cisco-sa-20180221-ucdm	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-ucdm	Trust: 0.8
title:	Cisco Unified Communications Domain Manager Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78520	Trust: 0.6
title:	Cisco: Cisco Unified Communications Domain Manager Remote Code Execution Vulnerability	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180221-ucdm	Trust: 0.1
title:	IBM: IBM Security Bulletin: IBM has announced a release for IBM Security Identity Governance and Intelligence in response to multiple security vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=55ea315dfb69fce8383762ac64250315	Trust: 0.1
title:	bot-cisco-vulnerability	url:	https://github.com/joagonzalez/bot-cisco-vulnerability	Trust: 0.1

sources: VULMON: CVE-2018-0124 // JVNDB: JVNDB-2018-002414 // CNNVD: CNNVD-201802-441

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0124	Trust: 2.9
db:	BID	id:	103114	Trust: 2.1
db:	SECTRACK	id:	1040405	Trust: 1.8
db:	JVNDB	id:	JVNDB-2018-002414	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-441	Trust: 0.7
db:	AUSCERT	id:	ESB-2019.0544	Trust: 0.6
db:	VULHUB	id:	VHN-118326	Trust: 0.1
db:	VULMON	id:	CVE-2018-0124	Trust: 0.1

sources: VULHUB: VHN-118326 // VULMON: CVE-2018-0124 // BID: 103114 // JVNDB: JVNDB-2018-002414 // CNNVD: CNNVD-201802-441 // NVD: CVE-2018-0124

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180221-ucdm	Trust: 2.2
url:	http://www.securityfocus.com/bid/103114	Trust: 1.9
url:	http://www.securitytracker.com/id/1040405	Trust: 1.8
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0124	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0124	Trust: 0.8
url:	http://www.ibm.com/support/docview.wss?uid=ibm10872142	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/75922	Trust: 0.6
url:	https://www-01.ibm.com/support/docview.wss?uid=ibm10872142	Trust: 0.6
url:	http://www.cisco.com/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/320.html	Trust: 0.1
url:	https://github.com/joagonzalez/bot-cisco-vulnerability	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: VULHUB: VHN-118326 // VULMON: CVE-2018-0124 // BID: 103114 // JVNDB: JVNDB-2018-002414 // CNNVD: CNNVD-201802-441 // NVD: CVE-2018-0124

CREDITS

Cisco

Trust: 0.3

sources: BID: 103114

SOURCES

db:	VULHUB	id:	VHN-118326
db:	VULMON	id:	CVE-2018-0124
db:	BID	id:	103114
db:	JVNDB	id:	JVNDB-2018-002414
db:	CNNVD	id:	CNNVD-201802-441
db:	NVD	id:	CVE-2018-0124

LAST UPDATE DATE

2024-11-23T20:04:27.334000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118326	date:	2019-10-09T00:00:00
db:	VULMON	id:	CVE-2018-0124	date:	2019-10-09T00:00:00
db:	BID	id:	103114	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002414	date:	2018-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201802-441	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0124	date:	2024-11-21T03:37:34.243

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118326	date:	2018-02-22T00:00:00
db:	VULMON	id:	CVE-2018-0124	date:	2018-02-22T00:00:00
db:	BID	id:	103114	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002414	date:	2018-04-11T00:00:00
db:	CNNVD	id:	CNNVD-201802-441	date:	2018-02-22T00:00:00
db:	NVD	id:	CVE-2018-0124	date:	2018-02-22T00:29:00.267