CVE-2015-0616

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	Vendor Advisory
http://www.securitytracker.com/id/1032010

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su3:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unity_connection:9.0\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:9.1\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:9.1\(2\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.5_base:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su2:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su1:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su4:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su5:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su6:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6_base:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2\):::::::*

Information

Published : 2015-04-03 11:59

Updated : 2015-09-29 12:31

NVD link : CVE-2015-0616

Mitre link : CVE-2015-0616

JSON object : View

CWE

CWE-19

Data Processing Errors

Products Affected

cisco

unity_connection

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc", "name": "20150401 Multiple Vulnerabilities in Cisco Unity Connection", "tags": ["Vendor Advisory"], "refsource": "CISCO"}, {"url": "http://www.securitytracker.com/id/1032010", "name": "1032010", "tags": [], "refsource": "SECTRACK"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-19"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-0616", "ASSIGNER": "psirt@cisco.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "severity": "HIGH", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2015-04-03T18:59Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2015-09-29T19:31Z"}

7.1 /10