Details of VAR-201604-0478

ID

VAR-201604-0478

CVE

CVE-2015-6360

TITLE

Cisco libSRTP Service disruption in the encryption processing function (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-007102

DESCRIPTION

The encryption-processing feature in Cisco libSRTP before 1.5.3 allows remote attackers to cause a denial of service via crafted fields in SRTP packets, aka Bug ID CSCux00686. Cisco libSRTP The encryption processing function of the service disruption of service operation (DoS) There are vulnerabilities that are put into a state. Cisco libsrtp is prone to a remote denial-of-service vulnerability because it fails to properly handle certain types of packets. An attacker can exploit this issue to crash the affected application, resulting in denial-of-service conditions. The issue is fixed in libsrtp 1.5.3. This issue being tracked by Cisco Bug IDs CSCux00686, CSCux00697, CSCux00707, CSCux00708, CSCux00711, CSCux00716, CSCux00729, CSCux00742, CSCux00745, CSCux00748, CSCux01782, CSCux01786, CSCux04317, CSCux35568 and CSCux37802. Cisco libsrtp is a library used by Cisco to implement the Secure Real-time Transport Protocol (SRTP). RTP is used for Voice over IP (VoIP) and audio and video streaming. SRTP adds privacy and authentication. A security vulnerability exists in the encryption-processing functionality of Cisco libsrtp prior to 1.5.3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: libsrtp security and bug fix update Advisory ID: RHSA-2020:3873-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2020:3873 Issue date: 2020-09-29 CVE Names: CVE-2013-2139 CVE-2015-6360 ==================================================================== 1. Summary: An update for libsrtp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: The libsrtp package provides an implementation of the Secure Real-time Transport Protocol (SRTP), the Universal Security Transform (UST), and a supporting cryptographic kernel. Security Fix(es): * libsrtp: improper handling of CSRC count and extension header length in RTP header (CVE-2015-6360) * libsrtp: buffer overflow in application of crypto profiles (CVE-2013-2139) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 970697 - CVE-2013-2139 libsrtp: buffer overflow in application of crypto profiles 1301202 - libsrtp global-buffer-overflow 1323702 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header 1323705 - CVE-2015-6360 libsrtp: improper handling of CSRC count and extension header length in RTP header [rhel-7] 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm ppc64: libsrtp-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-1.4.4-11.20101004cvs.el7.ppc64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm ppc64le: libsrtp-1.4.4-11.20101004cvs.el7.ppc64le.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm s390x: libsrtp-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-1.4.4-11.20101004cvs.el7.s390x.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64.rpm ppc64le: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.ppc64le.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.ppc64le.rpm s390x: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.s390x.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.s390.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.s390x.rpm x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: libsrtp-1.4.4-11.20101004cvs.el7.src.rpm x86_64: libsrtp-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-debuginfo-1.4.4-11.20101004cvs.el7.x86_64.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.i686.rpm libsrtp-devel-1.4.4-11.20101004cvs.el7.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2013-2139 https://access.redhat.com/security/cve/CVE-2015-6360 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2020 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBX3OeoNzjgjWX9erEAQiDzQ/+IXUAdmMRlgeg/t8Z+ApQ4ur4BxO/WRBl 5Nd8anDnQzl3uduHgXz7AcsbON2M/jWq5xUfgdydHT8fEQ7g814QbTeNMsbEQ1zS Cuv1XztiGKy5fY5my3P80+kM+tL5uFfZ22oJqpSfS7sqGFzWEl1j+TldgURSva1G XbNudX77Gp975wMDVPJlA9S9Puf59Cz6DQaoYu5Fqzwka8z1RWOdR1IfFlAcBGrO NODvSxOZB+FDzvwikgoVTNay+e7ct+Yb1Ygg1nsGjyexinkchiuKDX2Mnv1Sc/JP vaHARZmpN6llZ8Vo++hd8WGFhsIzocqF0dposlj/PmtuoFydu7x5zpluEFc2mVaM pNCwzggc8BforUdoo6z27qqpiU0o/eTmVR97Jtbzm5BTs+28IGwg6iz374VdoAeP wy1XTj2WBw0ys+0UVkAxwiSWit6RuPRhRf85B7IPsW1BwkvPm4nAi45+50cTUQ5S PldnrWd9VILcfmj1ThdevaiFjkHrAZE4HFRxd1V3uIdIwZyvtP7w4wrt8ma51CyZ isP53JER/PhJY4du3deCo4qqca5SyecLTj/gbqXoPQFn6ppUbNacWPwadjDRA5Nu qPQVoSW8Z+L91vtqM+SGapuxNN0OuqiPFcWOlMyrM8R8MqKIhTQaTLQZE1vCJx5e AhxrRaOeyWw=X+yJ -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3539-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso April 02, 2016 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : srtp CVE ID : CVE-2015-6360 Debian Bug : 807698 Randell Jesup and the Firefox team discovered that srtp, Cisco's reference implementation of the Secure Real-time Transport Protocol (SRTP), does not properly handle RTP header CSRC count and extension header length. For the oldstable distribution (wheezy), this problem has been fixed in version 1.4.4+20100615~dfsg-2+deb7u2. For the stable distribution (jessie), this problem has been fixed in version 1.4.5~20130609~dfsg-1.1+deb8u1. We recommend that you upgrade your srtp packages

Trust: 2.16

sources: NVD: CVE-2015-6360 // JVNDB: JVNDB-2015-007102 // BID: 85793 // VULHUB: VHN-84321 // PACKETSTORM: 159345 // PACKETSTORM: 136530

AFFECTED PRODUCTS

vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s_3.11.4s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15s_3.15.2s	Trust: 1.6
vendor:	cisco	model:	webex meeting center	scope:	eq	version:	base	Trust: 1.6
vendor:	cisco	model:	ip phone 8800 series	scope:	eq	version:	11.0\(1\)	Trust: 1.6
vendor:	cisco	model:	ip phone 8800 series	scope:	eq	version:	10.3\(2\)	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13s_3.13.0s	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13s_3.13.1s	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.29	Trust: 1.6
vendor:	cisco	model:	dx series ip phones	scope:	eq	version:	9.3\(2\)	Trust: 1.6
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.13s_3.13.4s	Trust: 1.6
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.7	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5\(0.199\)	Trust: 1.0
vendor:	cisco	model:	libsrtp	scope:	lte	version:	1.5.2	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.0\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.16	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.5	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2.8	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.2\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.34	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.2\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2.10	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.14s_3.14.0s	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5b\)su6	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(3b\)su1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.29	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5b\)su5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.4	Trust: 1.0
vendor:	cisco	model:	unified ip phone 6900 series	scope:	eq	version:	9.3\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(0.0\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.41	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5\)su1a	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.20	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.5s	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.5	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1_base	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.52	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.13	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.2\(2\)sr1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.8	Trust: 1.0
vendor:	cisco	model:	unified wireless ip phone 7920	scope:	eq	version:	2.0_base	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.4\(1\)sr1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.9	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0.5	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.0\(0.98000.332\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.26	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(3a\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.10	Trust: 1.0
vendor:	cisco	model:	unified wireless ip phone 7920	scope:	eq	version:	1.0\(9\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.31	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.2\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.10	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.3\(0\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.4	Trust: 1.0
vendor:	cisco	model:	unified wireless ip phone 7920	scope:	eq	version:	1.0_base	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.3	Trust: 1.0
vendor:	cisco	model:	unified ip phone 7900 series	scope:	eq	version:	9.9\(9.99001.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4.1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(3a\)su1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.5_base	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.1	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.2\(6\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(2.243\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.50	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.16	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	2.0_base	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.39	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.2	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.1xbs	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.1\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.7s	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.15	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s_3.11.0s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.6s	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.2\(2\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.5\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(0.104\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.17	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.2ts	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.7	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(3a\)su1a	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.2.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.14	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3.9	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5b\)	Trust: 1.0
vendor:	cisco	model:	unified communications manager	scope:	eq	version:	9.9\(9\)st1.9	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.0\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.25	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.0_base	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.19	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(1\)	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.4\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.1.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.13	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.2.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.22	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.46	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s_3.11.1s	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5_base	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.12	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.57	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.24	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(2a\)su1	Trust: 1.0
vendor:	cisco	model:	unified wireless ip phone 7920	scope:	eq	version:	1.0\(5\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.33	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(3b\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.26	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.4.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5_base	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.33	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(1.50\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.21	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	1.1\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2.9	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.2\(7\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.4	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.0_0	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	2.1_base	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.1\(1\)sr1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.1.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.1	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.2\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.8	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5a\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.44	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(1.10\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.28	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(2.100\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3\(1.105\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	2.0\(1\)	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.0s	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.1.0.104	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.33	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.4s	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.2s	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.17	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5b\)su3	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s_3.11.3s	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6_base	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.3\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.21	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	1.2_base	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.48	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.0	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5b\)su6a	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	9.1\(2\)	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.3\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.40	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.4.5	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.2\(0\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.0.45	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2\(3.1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.35	Trust: 1.0
vendor:	cisco	model:	ip phone 7800 series	scope:	eq	version:	10.3\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.5.6	Trust: 1.0
vendor:	cisco	model:	unified wireless ip phone 7920	scope:	eq	version:	1.0\(6\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.4\(2\)	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.2\(1\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.17	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.24	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(1a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)su2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.6.4	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.2\(3\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.1.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.18	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1.5es33.32900-33	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.3\(4\)	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.2\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3.3	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(3b\)su2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.23	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.3.2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1.13	Trust: 1.0
vendor:	cisco	model:	jabber software development kit	scope:	eq	version:	9.0\(1\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(2b\)su1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.0_base	Trust: 1.0
vendor:	cisco	model:	unified wireless ip phone 7920	scope:	eq	version:	1.0\(8\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(2b\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su4	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.22	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.0.0	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.3.4	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5b\)su4	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.15s_3.15.1s	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su2	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)	Trust: 1.0
vendor:	cisco	model:	unified wireless ip phone 7920	scope:	eq	version:	1.0\(7\)	Trust: 1.0
vendor:	cisco	model:	unified ip phone 7900 series	scope:	eq	version:	9.9_base	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.0\(1\)sr1	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.3\(2\)sr1	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.2.8	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.4.37	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.6\(2\)	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.2\(4\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	10.5\(2.3009\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.3	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.7.1.7	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.11s_3.11.2s	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.6.1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(2a\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su5	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	8.5\(1\)su6	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.1.11	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.4.7.23	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.2.5.55	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(2\)	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.37	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.0\(0.98000.225\)	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	7.1\(5b\)su2	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.3.2.41	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	9.1.5.15	Trust: 1.0
vendor:	cisco	model:	ios xe	scope:	eq	version:	3.10s_3.10.1s	Trust: 1.0
vendor:	cisco	model:	adaptive security appliance software	scope:	eq	version:	8.5.1.1	Trust: 1.0
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5\(0.98\)	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.3\(1\)	Trust: 1.0
vendor:	cisco	model:	unified ip phone 8900 series	scope:	eq	version:	9.3\(2\)	Trust: 1.0
vendor:	cisco	model:	libsrtp	scope:	lt	version:	1.5.3	Trust: 0.8
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 85793 // JVNDB: JVNDB-2015-007102 // CNNVD: CNNVD-201603-465 // NVD: CVE-2015-6360

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6360
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-6360
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201603-465
value:	HIGH
Trust: 0.6
VULHUB:	VHN-84321
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2015-6360
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84321
severity:	HIGH
baseScore:	7.8
vectorString:	AV:N/AC:L/AU:N/C:N/I:N/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	6.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6360
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-84321 // JVNDB: JVNDB-2015-007102 // CNNVD: CNNVD-201603-465 // NVD: CVE-2015-6360

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-84321 // JVNDB: JVNDB-2015-007102 // NVD: CVE-2015-6360

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 136530 // CNNVD: CNNVD-201603-465

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201603-465

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-007102

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-84321

PATCH

title:	cisco-sa-20160420-libsrtp	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160420-libsrtp	Trust: 0.8
title:	Cisco libsrtp Remediation measures for denial of service vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=129504	Trust: 0.6

sources: JVNDB: JVNDB-2015-007102 // CNNVD: CNNVD-201603-465

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6360	Trust: 3.0
db:	SECTRACK	id:	1035649	Trust: 1.1
db:	SECTRACK	id:	1035637	Trust: 1.1
db:	SECTRACK	id:	1035651	Trust: 1.1
db:	SECTRACK	id:	1035650	Trust: 1.1
db:	SECTRACK	id:	1035652	Trust: 1.1
db:	SECTRACK	id:	1035648	Trust: 1.1
db:	SECTRACK	id:	1035636	Trust: 1.1
db:	PACKETSTORM	id:	159345	Trust: 0.8
db:	JVNDB	id:	JVNDB-2015-007102	Trust: 0.8
db:	CNNVD	id:	CNNVD-201603-465	Trust: 0.7
db:	AUSCERT	id:	ESB-2020.3354	Trust: 0.6
db:	BID	id:	85793	Trust: 0.4
db:	PACKETSTORM	id:	136530	Trust: 0.2
db:	VULHUB	id:	VHN-84321	Trust: 0.1

sources: VULHUB: VHN-84321 // BID: 85793 // JVNDB: JVNDB-2015-007102 // PACKETSTORM: 159345 // PACKETSTORM: 136530 // CNNVD: CNNVD-201603-465 // NVD: CVE-2015-6360

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160420-libsrtp	Trust: 1.4
url:	http://www.debian.org/security/2016/dsa-3539	Trust: 1.1
url:	http://www.securitytracker.com/id/1035636	Trust: 1.1
url:	http://www.securitytracker.com/id/1035637	Trust: 1.1
url:	http://www.securitytracker.com/id/1035648	Trust: 1.1
url:	http://www.securitytracker.com/id/1035649	Trust: 1.1
url:	http://www.securitytracker.com/id/1035650	Trust: 1.1
url:	http://www.securitytracker.com/id/1035651	Trust: 1.1
url:	http://www.securitytracker.com/id/1035652	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6360	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6360	Trust: 0.8
url:	https://packetstormsecurity.com/files/159345/red-hat-security-advisory-2020-3873-01.html	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2020.3354/	Trust: 0.6
url:	https://github.com/cisco/libsrtp#readme	Trust: 0.3
url:	https://bugs.mageia.org/show_bug.cgi?id=17540	Trust: 0.3
url:	https://github.com/cisco/libsrtp/releases	Trust: 0.3
url:	https://advisories.mageia.org/mgasa-2016-0037.html	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-6360	Trust: 0.2
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2013-2139	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2015-6360	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2013-2139	Trust: 0.1
url:	https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.9_release_notes/index	Trust: 0.1
url:	https://bugzilla.redhat.com/):	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2020:3873	Trust: 0.1
url:	https://access.redhat.com/security/team/key/	Trust: 0.1
url:	https://access.redhat.com/articles/11258	Trust: 0.1
url:	https://access.redhat.com/security/updates/classification/#moderate	Trust: 0.1
url:	https://access.redhat.com/security/team/contact/	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1

sources: VULHUB: VHN-84321 // BID: 85793 // JVNDB: JVNDB-2015-007102 // PACKETSTORM: 159345 // PACKETSTORM: 136530 // CNNVD: CNNVD-201603-465 // NVD: CVE-2015-6360

CREDITS

Red Hat

Trust: 0.7

sources: PACKETSTORM: 159345 // CNNVD: CNNVD-201603-465

SOURCES

db:	VULHUB	id:	VHN-84321
db:	BID	id:	85793
db:	JVNDB	id:	JVNDB-2015-007102
db:	PACKETSTORM	id:	159345
db:	PACKETSTORM	id:	136530
db:	CNNVD	id:	CNNVD-201603-465
db:	NVD	id:	CVE-2015-6360

LAST UPDATE DATE

2024-08-14T14:46:50.100000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84321	date:	2017-11-04T00:00:00
db:	BID	id:	85793	date:	2016-07-06T14:31:00
db:	JVNDB	id:	JVNDB-2015-007102	date:	2016-04-27T00:00:00
db:	CNNVD	id:	CNNVD-201603-465	date:	2020-10-09T00:00:00
db:	NVD	id:	CVE-2015-6360	date:	2023-08-15T14:52:02.310

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84321	date:	2016-04-21T00:00:00
db:	BID	id:	85793	date:	2016-01-29T00:00:00
db:	JVNDB	id:	JVNDB-2015-007102	date:	2016-04-27T00:00:00
db:	PACKETSTORM	id:	159345	date:	2020-09-30T15:42:49
db:	PACKETSTORM	id:	136530	date:	2016-04-04T16:46:53
db:	CNNVD	id:	CNNVD-201603-465	date:	2016-02-01T00:00:00
db:	NVD	id:	CVE-2015-6360	date:	2016-04-21T10:59:00.117