Details of VAR-201504-0199

ID

VAR-201504-0199

CVE

CVE-2015-0614

TITLE

Cisco Unity Connection of Connection Conversation Manager Denial of service in process (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-002086

DESCRIPTION

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267. Vendors report this vulnerability Bug ID CSCul26267 Published as. Supplementary information : CWE Vulnerability types by CWE-19: Data Handling ( Data processing ) Has been identified. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause denial of service condition. These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following versions are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, 9.x prior to 9.1(2)SU2, and 10.0 prior to 10.0(1)SU1

Trust: 1.98

sources: NVD: CVE-2015-0614 // JVNDB: JVNDB-2015-002086 // BID: 73476 // VULHUB: VHN-78560

AFFECTED PRODUCTS

vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su5	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su4	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su1	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0.0	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su2	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su6	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su3	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0.5	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5_base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6_base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)su2	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	lt	version:	9.x	Trust: 0.8
vendor:	cisco	model:	unity connection 8.6	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6(2)	Trust: 0.3
vendor:	cisco	model:	unity connection su3	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection su2	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection su1	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.5	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0	Trust: 0.3
vendor:	cisco	model:	unity connection 9.1 su2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.6 su4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 10.0 su1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 73476 // JVNDB: JVNDB-2015-002086 // CNNVD: CNNVD-201504-064 // NVD: CVE-2015-0614

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0614
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0614
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201504-064
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78560
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0614
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78560
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78560 // JVNDB: JVNDB-2015-002086 // CNNVD: CNNVD-201504-064 // NVD: CVE-2015-0614

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78560 // JVNDB: JVNDB-2015-002086 // NVD: CVE-2015-0614

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-064

TYPE

Design Error

Trust: 0.3

sources: BID: 73476

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002086

PATCH

title:	cisco-sa-20150401-cuc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	Trust: 0.8
title:	37834	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37834	Trust: 0.8
title:	cisco-sa-20150401-cuc	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128933_cisco-sa-20150401-cuc-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-002086

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0614	Trust: 2.8
db:	SECTRACK	id:	1032010	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002086	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-064	Trust: 0.7
db:	BID	id:	73476	Trust: 0.3
db:	VULHUB	id:	VHN-78560	Trust: 0.1

sources: VULHUB: VHN-78560 // BID: 73476 // JVNDB: JVNDB-2015-002086 // CNNVD: CNNVD-201504-064 // NVD: CVE-2015-0614

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150401-cuc	Trust: 2.0
url:	http://www.securitytracker.com/id/1032010	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0614	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0614	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37807	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37834	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37809	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37806	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37808	Trust: 0.3

sources: VULHUB: VHN-78560 // BID: 73476 // JVNDB: JVNDB-2015-002086 // CNNVD: CNNVD-201504-064 // NVD: CVE-2015-0614

CREDITS

Cisco

Trust: 0.3

sources: BID: 73476

SOURCES

db:	VULHUB	id:	VHN-78560
db:	BID	id:	73476
db:	JVNDB	id:	JVNDB-2015-002086
db:	CNNVD	id:	CNNVD-201504-064
db:	NVD	id:	CVE-2015-0614

LAST UPDATE DATE

2024-11-23T22:31:09.803000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78560	date:	2015-09-29T00:00:00
db:	BID	id:	73476	date:	2015-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002086	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-064	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0614	date:	2024-11-21T02:23:24.810

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78560	date:	2015-04-03T00:00:00
db:	BID	id:	73476	date:	2015-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002086	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-064	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0614	date:	2015-04-03T18:59:02.693