PT-2019-2132 · Cisco · Cisco Unified Communications Manager

Published: 2019-04-17 · Updated: 2019-10-09 · CVE-2019-1837

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager versions 10.5, 11.5, 12.0, 12.5

Description: A vulnerability in the User Data Services (UDS) API could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the management GUI. The issue is due to improper validation of input parameters in the UDS API requests. An attacker could exploit this by sending a crafted request to the UDS API, potentially causing the Cisco DB service to quit unexpectedly and preventing admin access to the Unified CM management GUI. Manual intervention may be required to restore normal operation.

Recommendations: For versions 10.5, 11.5, 12.0, 12.5, consider temporarily disabling the UDS API until a patch is available to prevent exploitation. Restrict access to the management GUI to minimize the risk of denial of service attacks. Avoid using the affected UDS API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Validation of Array Index

RCE

Weakness Enumeration

Related identifiers

BDU:2019-01893
CVE-2019-1837

Affected products

Cisco Unified Communications Manager