A Vulnerability in Cisco Unified Communications Domain Manager Could Allow for Remote Code Execution

ITS Advisory Number: 
2018-022
Date(s) Issued: 
Thursday, February 22, 2018
Subject: 
A Vulnerability in Cisco Unified Communications Domain Manager Could Allow for Remote Code Execution
Overview: 

A vulnerability has been identified in the application configuration of Cisco Unified Communications Domain Manager, in which an insecure key is generated; an attacker who knows the key value could use it to achieve remote code execution. Cisco Unified Communications Domain Manager is a management platform that consolidates administration of IP telephony, video conferencing, and instant messaging systems. Successful exploitation of this vulnerability could result in remote code execution, security protection bypass, and privilege escalation, all within the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:

There are currently no reports of this vulnerability being actively exploited in the wild.

Systems Affected: 
  • Cisco Unified Communications Domain Manager prior to version 11.5(2)

RISK
GOVERNMENT
Large and medium government entities: 
High
Small government entities: 
High
BUSINESS
Large and medium business entities: 
High
Small business entities: 
High
Home Users: 
N/A
Description: 

A vulnerability has been identified in the application configuration of Cisco Unified Communications Domain Manager: an insecure key is generated during application configuration. Because the key value is known, an attacker could use it to send arbitrary requests to a targeted application that pass its security protections, bypassing the checks that key was meant to enforce. Successful exploitation of this vulnerability could result in remote code execution, security protection bypass, and privilege escalation, all within the context of the affected application. Depending on the privileges associated with the application, an attacker could install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of this vulnerability could have less impact than if it was configured with administrative rights.
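The following is an added illustration of the vulnerability class described above, not code from this advisory or from Cisco, and it does not reproduce Cisco's actual key-generation or request-handling mechanism. It assumes a hypothetical request-signing scheme in which the configuration step derives the signing key from a value an attacker can learn (here, the hostname), so the key is effectively known; the hardened variant draws the key from the operating system's CSPRNG instead. The hostname, request bytes, and function names are all constructed for the example.

```python
import hashlib
import hmac
import secrets

# Hypothetical request-authentication scheme (NOT Cisco's implementation):
# every API request carries an HMAC tag computed with a per-installation key,
# and the application accepts the request only if the tag verifies.


def weak_key(hostname: str) -> bytes:
    """Vulnerable key generation (assumed for illustration): the key is
    derived deterministically from a value any remote attacker can discover,
    so anyone who knows the derivation rule also knows the key."""
    return hashlib.sha256(hostname.encode()).digest()


def strong_key() -> bytes:
    """Hardened key generation: 256 bits from the OS CSPRNG, generated once
    at configuration time and never derivable from public information."""
    return secrets.token_bytes(32)


def sign(key: bytes, request: bytes) -> str:
    """Tag a serialized request with HMAC-SHA256 under the installation key."""
    return hmac.new(key, request, hashlib.sha256).hexdigest()


def verify(key: bytes, request: bytes, tag: str) -> bool:
    """Constant-time check of a request tag; this is the 'security protection'
    the advisory says a known key lets an attacker bypass."""
    return hmac.compare_digest(sign(key, request), tag)


def attacker_forges(hostname: str, request: bytes, server_key: bytes) -> bool:
    """Model the attack: the attacker never sees server_key, but recomputes the
    key from the public hostname using the weak derivation and signs an
    arbitrary request. Returns True if the server would accept it."""
    forged_tag = sign(weak_key(hostname), request)
    return verify(server_key, request, forged_tag)


def key_is_predictable(deployed_key: bytes, guessable_inputs: list) -> bool:
    """Audit check for operators: does the key actually installed on a system
    equal one derivable from guessable inputs (hostnames, defaults, etc.)?
    A True result means the installation has the known-key weakness."""
    return any(
        hmac.compare_digest(deployed_key, weak_key(candidate))
        for candidate in guessable_inputs
    )


# Constructed sample data for the demonstration.
TARGET_HOST = "ucdm.example.com"
ADMIN_REQUEST = b"POST /api/admin/users {\"user\":\"evil\",\"role\":\"admin\"}"


def demo() -> dict:
    """Run both configurations against the same forged request."""
    vulnerable_install_key = weak_key(TARGET_HOST)
    hardened_install_key = strong_key()
    return {
        "forgery_accepted_by_weak_install": attacker_forges(
            TARGET_HOST, ADMIN_REQUEST, vulnerable_install_key),
        "forgery_accepted_by_hardened_install": attacker_forges(
            TARGET_HOST, ADMIN_REQUEST, hardened_install_key),
        "weak_key_flagged_by_audit": key_is_predictable(
            vulnerable_install_key, [TARGET_HOST, "localhost"]),
        "strong_key_flagged_by_audit": key_is_predictable(
            hardened_install_key, [TARGET_HOST, "localhost"]),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point of the contrast is that the request-signing and verification code is identical in both runs; only the key-generation step changes. Fixing the vulnerability class therefore means replacing the key material on every affected installation after upgrading, not just upgrading the code, since a key generated by the old configuration step remains known to anyone who can reproduce it.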

Actions: 
  • After appropriate testing, immediately install updates provided by Cisco.
  • Verify that no unauthorized modifications have occurred on the system before applying the patch.
  • Monitor intrusion detection systems for any signs of anomalous activity.
  • Unless required, limit external network access to affected products.