Cisco Unified Communications Manager Remote Mobile Access Subsystem Vulnerability

A vulnerability in the Remote Mobile Access Subsystem in Cisco Unified Communications Manager (Cisco Unified CM) could allow an unauthenticated, remote attacker to supply a crafted Transport Layer Security (TLS) certificate that may be accepted by the affected device.

The vulnerability is due to improper validation of the SAN field of a TLS certificate. An attacker could exploit this vulnerability by impersonating a VCS core device and supplying a certificate signed by a certificate authority trusted by the Cisco Unified CM that contains crafted values in the SAN field.

Cisco has confirmed the vulnerability in a security notice and released software updates.

To exploit this vulnerability, an attacker may need to access a trusted, internal network, impersonate a VCS Core device, and supply a certificate signed by a trusted certificate authority of the targeted device. These requirements may reduce the likelihood of a successful exploit.

Cisco indicates through the CVSS score that functional exploit code exists; however, the code is not known to be publicly available.