Details of VAR-201504-0201

ID

VAR-201504-0201

CVE

CVE-2015-0616

TITLE

Cisco Unity Connection of Connection Conversation Manager Service disruption in the process (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-002088

DESCRIPTION

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819. Vendors have confirmed this vulnerability Bug ID CSCul69819 It is released as. Supplementary information : CWE Vulnerability type by CWE-19: Data Handling ( Data processing ) Has been identified. http://cwe.mitre.org/data/definitions/19.htmlBy a third party SIP TCP Service operation disruption due to improper termination of connection ( Core dump and reboot ) There is a possibility of being put into a state. Cisco Unity Connection is prone to multiple denial-of-service vulnerabilities. An attacker can exploit these issues to cause denial of service condition. These issues are being tracked by Cisco Bug IDs CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". The following releases are affected: Cisco Unity Connection 8.5 prior to 8.5(1)SU7, 8.6 prior to 8.6(2a)SU4, and 9.x prior to 9.1(2)SU2

Trust: 1.98

sources: NVD: CVE-2015-0616 // JVNDB: JVNDB-2015-002088 // BID: 73476 // VULHUB: VHN-78562

AFFECTED PRODUCTS

vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su5	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su4	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su1	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su2	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su6	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su3	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5_base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6_base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)su2	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	lt	version:	9.x	Trust: 0.8
vendor:	cisco	model:	unity connection 8.6	scope:	-	version:	-	Trust: 0.6
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(2)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6(2)	Trust: 0.3
vendor:	cisco	model:	unity connection su3	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection su2	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection su1	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su6	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su5	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su4	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su3	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su2	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su1	scope:	-	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5(1)	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.5	Trust: 0.3
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0	Trust: 0.3
vendor:	cisco	model:	unity connection 9.1 su2	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.6 su4	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 8.5 su7	scope:	ne	version:	-	Trust: 0.3
vendor:	cisco	model:	unity connection 10.0 su1	scope:	ne	version:	-	Trust: 0.3

sources: BID: 73476 // JVNDB: JVNDB-2015-002088 // CNNVD: CNNVD-201504-066 // NVD: CVE-2015-0616

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-0616
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-0616
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201504-066
value:	HIGH
Trust: 0.6
VULHUB:	VHN-78562
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-0616
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-78562
severity:	HIGH
baseScore:	7.1
vectorString:	AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-78562 // JVNDB: JVNDB-2015-002088 // CNNVD: CNNVD-201504-066 // NVD: CVE-2015-0616

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.1
problemtype:	CWE-Other	Trust: 0.8

sources: VULHUB: VHN-78562 // JVNDB: JVNDB-2015-002088 // NVD: CVE-2015-0616

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201504-066

TYPE

Design Error

Trust: 0.3

sources: BID: 73476

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-002088

PATCH

title:	cisco-sa-20150401-cuc	url:	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	Trust: 0.8
title:	37809	url:	http://tools.cisco.com/security/center/viewAlert.x?alertId=37809	Trust: 0.8
title:	cisco-sa-20150401-cuc	url:	http://www.cisco.com/cisco/web/support/JP/112/1128/1128933_cisco-sa-20150401-cuc-j.html	Trust: 0.8

sources: JVNDB: JVNDB-2015-002088

EXTERNAL IDS

db:	NVD	id:	CVE-2015-0616	Trust: 2.8
db:	SECTRACK	id:	1032010	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-002088	Trust: 0.8
db:	CNNVD	id:	CNNVD-201504-066	Trust: 0.6
db:	BID	id:	73476	Trust: 0.3
db:	VULHUB	id:	VHN-78562	Trust: 0.1

sources: VULHUB: VHN-78562 // BID: 73476 // JVNDB: JVNDB-2015-002088 // CNNVD: CNNVD-201504-066 // NVD: CVE-2015-0616

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20150401-cuc	Trust: 2.0
url:	http://www.securitytracker.com/id/1032010	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0616	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0616	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37807	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37834	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37809	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37806	Trust: 0.3
url:	http://tools.cisco.com/security/center/viewalert.x?alertid=37808	Trust: 0.3

sources: VULHUB: VHN-78562 // BID: 73476 // JVNDB: JVNDB-2015-002088 // CNNVD: CNNVD-201504-066 // NVD: CVE-2015-0616

CREDITS

Cisco

Trust: 0.3

sources: BID: 73476

SOURCES

db:	VULHUB	id:	VHN-78562
db:	BID	id:	73476
db:	JVNDB	id:	JVNDB-2015-002088
db:	CNNVD	id:	CNNVD-201504-066
db:	NVD	id:	CVE-2015-0616

LAST UPDATE DATE

2024-11-23T22:31:09.744000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-78562	date:	2015-09-29T00:00:00
db:	BID	id:	73476	date:	2015-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002088	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-066	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0616	date:	2024-11-21T02:23:25.030

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-78562	date:	2015-04-03T00:00:00
db:	BID	id:	73476	date:	2015-04-01T00:00:00
db:	JVNDB	id:	JVNDB-2015-002088	date:	2015-04-07T00:00:00
db:	CNNVD	id:	CNNVD-201504-066	date:	2015-04-07T00:00:00
db:	NVD	id:	CVE-2015-0616	date:	2015-04-03T18:59:04.757