Cisco Expressway Restricted Call Exploit

A new attack methodology has been identified leveraging a Cisco Expressway and TelePresence denial-of-service vulnerability (CVE-2018-0358).

Threat ID:: CC-2802
Category:: exploit
Threat Severity:: Medium
Threat Vector:: Vulnerability
Published:: 21 November 2018 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

This content has been archived

This article no longer conforms to NHS Digital's standards for cyber alerts, and may contain outdated or inaccurate information. Use of this information contained in this page is at your own risk

Summary

A new attack methodology has been identified leveraging a Cisco Expressway and TelePresence denial-of-service vulnerability (CVE-2018-0358).

Threat details

A remote attacker can exploit some of the translation patterns on the Video Communication Server (VCS) and Cisco Unified Communications Manager (CUCM) in order to bypass the rules preventing international dialling. The attacker would then be able to make fraudulent calls to international numbers using local Cisco VCS Expressway systems.

For further information:

CVE-2018-0358

Remediation steps

Type	Step
	Users and administrators are encouraged to review Cisco's Security Advisory and apply the necessary updates. Affected organisations are encouraged to contact Action Fraud to report any suspected fraudulent activity.

CVE Vulnerabilities

Status

CVE-2018-0358

Last edited: 17 February 2020 1:00 pm