Details of VAR-201504-0200

ID

VAR-201504-0200

CVE

CVE-2015-0615

TITLE

Cisco Unity Connection Service disruption in the implementation of call processing (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002087

DESCRIPTION

The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089. Vendors have confirmed this vulnerability Bug ID CSCul28089 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy a third party SIP Service operation disruption due to improper termination of session ( Port consumption ) There is a possibility of being put into a state. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause denial of service condition. These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following versions are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, 9.x prior to 9.1(2)SU2, and 10.0 prior to 10.0(1)SU1

Trust: 1.98

sources: NVD: CVE-2015-0615 // JVNDB: JVNDB-2015-002087 // BID: 73476 // VULHUB: VHN-78561

AFFECTED PRODUCTS

vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su5	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su4	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su1	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0.0	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su2	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su6	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su3	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0.5	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5_base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6_base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)su2	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	lt	version:	9.x	Trust: 0.8
vendor:	cisco	model:	unity connection 8.6	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6(2)	Trust: 0.3
vendor:	cisco	model:	unity connection su3	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection su2	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection su1	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.5	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0	Trust: 0.3
vendor:	cisco	model:	unity connection 9.1 su2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.6 su4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 10.0 su1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 73476 // JVNDB: JVNDB-2015-002087 // CNNVD: CNNVD-201504-065 // NVD: CVE-2015-0615

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0615
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0615
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201504-065
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78561
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0615
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78561
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78561 // JVNDB: JVNDB-2015-002087 // CNNVD: CNNVD-201504-065 // NVD: CVE-2015-0615

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78561 // JVNDB: JVNDB-2015-002087 // NVD: CVE-2015-0615

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-065

TYPE

Design Error

Trust: 0.3

sources: BID: 73476

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002087

PATCH

title:	cisco-sa-20150401-cuc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	Trust: 0.8
title:	37808	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37808	Trust: 0.8
title:	cisco-sa-20150401-cuc	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128933_cisco-sa-20150401-cuc-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-002087

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0615	Trust: 2.8
db:	SECTRACK	id:	1032010	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002087	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-065	Trust: 0.7
db:	BID	id:	73476	Trust: 0.3
db:	VULHUB	id:	VHN-78561	Trust: 0.1

sources: VULHUB: VHN-78561 // BID: 73476 // JVNDB: JVNDB-2015-002087 // CNNVD: CNNVD-201504-065 // NVD: CVE-2015-0615

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150401-cuc	Trust: 2.0
url:	http://www.securitytracker.com/id/1032010	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0615	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0615	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37807	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37834	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37809	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37806	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37808	Trust: 0.3

sources: VULHUB: VHN-78561 // BID: 73476 // JVNDB: JVNDB-2015-002087 // CNNVD: CNNVD-201504-065 // NVD: CVE-2015-0615

CREDITS

Cisco

Trust: 0.3

sources: BID: 73476

SOURCES

db:	VULHUB	id:	VHN-78561
db:	BID	id:	73476
db:	JVNDB	id:	JVNDB-2015-002087
db:	CNNVD	id:	CNNVD-201504-065
db:	NVD	id:	CVE-2015-0615

LAST UPDATE DATE

2024-11-23T22:31:09.774000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78561	date:	2015-09-29T00:00:00
db:	BID	id:	73476	date:	2015-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002087	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-065	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0615	date:	2024-11-21T02:23:24.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78561	date:	2015-04-03T00:00:00
db:	BID	id:	73476	date:	2015-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002087	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-065	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0615	date:	2015-04-03T18:59:03.787