Cisco issued fixes for its Unified Communications Domain Manager (UCDM) and Elastic Services Controller (ESC) products.
UCDM releases prior to 11.5(2) suffer from a flaw that allows a remote, unauthenticated attacker to bypass security protections, obtain elevated privileges, and execute arbitrary code, Cisco officials said.
“The vulnerability is due to insecure key generation during application configuration. An attacker could exploit this vulnerability by using a known insecure key value to bypass security protections by sending arbitrary requests using the insecure key to a targeted application,” Cisco said in its advisory.
The UCDM hole (CVE-2018-0124) ended up discovered by Cisco during internal security testing.
Also found by Cisco during internal security testing was a critical hole in its ESC product that deals with the authentication functionality of the web-based service portal.
This flaw (CVE-2018-0121) allows a remote attacker to bypass authentication and gain administrative privileges on the service portal. The authentication mechanism can be bypassed by submitting an empty value when prompted to enter an admin password.
The vulnerability affects ESC 3.0.0 and it ended up fixed with the release of version 3.1.0. This version also patches a high severity unauthorized access vulnerability caused by default credentials for the service portal.
Cisco also said there was a high severity denial-of-service (DoS) vulnerability in the Interactive Voice Response (IVR) management connection interface of the company’s Unified Customer Voice Portal (CVP) product. A remote attacker could leverage the vulnerability to cause a DoS condition by initiating a specially crafted connection to the IP address of the targeted device.
Cisco said to their knowledge there is no evidence any of these holes are undergoing exploitation.