Details of VAR-201504-0197

ID

VAR-201504-0197

CVE

CVE-2015-0612

TITLE

Cisco Unity Connection of Connection Conversation Manager Service disruption in the process (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002084

DESCRIPTION

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062. Vendors have confirmed this vulnerability Bug ID CSCuh25062 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlSkillfully crafted by a third party UDP Service disruption via packets (SIP Stop ) There is a possibility of being put into a state. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause denial of service condition. These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following releases are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU6, 8.6 prior to 8.6(2a)SU4, and 9.x prior to 9.1(2)SU2

Trust: 1.98

sources: NVD: CVE-2015-0612 // JVNDB: JVNDB-2015-002084 // BID: 73476 // VULHUB: VHN-78558

AFFECTED PRODUCTS

vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su5	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su4	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(1\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su1	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1a\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su2	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su3	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection 8.6	scope:	eq	version:	base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.0
vendor:	cisco	model:	unity connection 8.5	scope:	eq	version:	base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)su2	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	lt	version:	9.x	Trust: 0.8
vendor:	cisco	model:	unity connection 8.6	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6(2)	Trust: 0.3
vendor:	cisco	model:	unity connection su3	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection su2	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection su1	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.5	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0	Trust: 0.3
vendor:	cisco	model:	unity connection 9.1 su2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.6 su4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 10.0 su1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 73476 // JVNDB: JVNDB-2015-002084 // CNNVD: CNNVD-201504-062 // NVD: CVE-2015-0612

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0612
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0612
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201504-062
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78558
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0612
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78558
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78558 // JVNDB: JVNDB-2015-002084 // CNNVD: CNNVD-201504-062 // NVD: CVE-2015-0612

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78558 // JVNDB: JVNDB-2015-002084 // NVD: CVE-2015-0612

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-062

TYPE

Design Error

Trust: 0.3

sources: BID: 73476

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002084

PATCH

title:	cisco-sa-20150401-cuc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	Trust: 0.8
title:	37806	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37806	Trust: 0.8
title:	cisco-sa-20150401-cuc	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128933_cisco-sa-20150401-cuc-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-002084

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0612	Trust: 2.8
db:	SECTRACK	id:	1032010	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002084	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-062	Trust: 0.7
db:	BID	id:	73476	Trust: 0.3
db:	VULHUB	id:	VHN-78558	Trust: 0.1

sources: VULHUB: VHN-78558 // BID: 73476 // JVNDB: JVNDB-2015-002084 // CNNVD: CNNVD-201504-062 // NVD: CVE-2015-0612

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150401-cuc	Trust: 2.0
url:	http://www.securitytracker.com/id/1032010	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0612	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0612	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37807	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37834	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37809	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37806	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37808	Trust: 0.3

sources: VULHUB: VHN-78558 // BID: 73476 // JVNDB: JVNDB-2015-002084 // CNNVD: CNNVD-201504-062 // NVD: CVE-2015-0612

CREDITS

Cisco

Trust: 0.3

sources: BID: 73476

SOURCES

db:	VULHUB	id:	VHN-78558
db:	BID	id:	73476
db:	JVNDB	id:	JVNDB-2015-002084
db:	CNNVD	id:	CNNVD-201504-062
db:	NVD	id:	CVE-2015-0612

LAST UPDATE DATE

2024-11-23T22:31:09.714000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78558	date:	2015-09-29T00:00:00
db:	BID	id:	73476	date:	2015-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002084	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-062	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0612	date:	2024-11-21T02:23:24.600

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78558	date:	2015-04-03T00:00:00
db:	BID	id:	73476	date:	2015-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002084	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-062	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0612	date:	2015-04-03T18:59:00.067