Cisco Bug: CSCuq86376 - X509SubjectNameMaxLength too small causes phone unable to register
Feb 15, 2018
- Cisco Unified Communications Manager (CallManager)
Known Affected Releases
Symptoms: A vulnerability in the Remote Mobile Access Subsystem in the Cisco Unified Communication Manager (CUCM) could allow an unauthenticated, remote attacker to supply a crafted TLS certificate that may be accepted by the affected device. The vulnerability is due to improper validation of the SAN field of a TLS certificate. An attacker could exploit this vulnerability by impersonating a VCS Core device and supplying a certificate signed by a certificate authority trusted by the CUCM, but containing crafted values within the SAN field. Conditions: An affected product with the default configuration running an affected version of software.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
Bug Details Include
- Full Description (including symptoms, conditions and workarounds)
- Known Fixed Releases
- Related Community Discussions
- Number of Related Support Cases