CVE-2018-0124

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Domain Manager versions prior to 11.5(2)

Description: A vulnerability could allow an unauthenticated, remote attacker to bypass security protections, gain elevated privileges, and execute arbitrary code. The issue is due to insecure key generation during application configuration. An attacker could exploit this by using a known insecure key value to bypass security protections and send arbitrary requests to a targeted application, potentially allowing the execution of arbitrary code.

Recommendations: For versions prior to 11.5(2), update to version 11.5(2) or later to resolve the issue. As a temporary workaround, consider restricting access to the application configuration to minimize the risk of exploitation. Avoid using known insecure key values in the application configuration until the issue is resolved.