Details of VAR-201810-0581

ID

VAR-201810-0581

CVE

CVE-2018-15396

TITLE

Cisco Unity Connection Resource management vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-013487

DESCRIPTION

A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition. Cisco Unity Connection Contains a resource management vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Cisco Unity Connection is prone to a denial of service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug IDs CSCvj79033. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". Bulk Administration Tool (BAT) is one of the batch management tools

Trust: 1.98

sources: NVD: CVE-2018-15396 // JVNDB: JVNDB-2018-013487 // BID: 105824 // VULHUB: VHN-125651

AFFECTED PRODUCTS

vendor:	cisco	model:	unity connection	scope:	eq	version:	12.5	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	eq	version:	0	Trust: 0.3

sources: BID: 105824 // JVNDB: JVNDB-2018-013487 // CNNVD: CNNVD-201810-188 // NVD: CVE-2018-15396

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15396
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15396
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-188
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125651
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-15396
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125651
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	PARTIAL
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15396
baseSeverity:	MEDIUM
baseScore:	6.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	HIGH
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	NONE
integrityImpact:	NONE
availabilityImpact:	HIGH
exploitabilityScore:	2.3
impactScore:	4.0
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-125651 // JVNDB: JVNDB-2018-013487 // CNNVD: CNNVD-201810-188 // NVD: CVE-2018-15396

PROBLEMTYPE DATA

problemtype:	CWE-399	Trust: 1.8
problemtype:	CWE-400	Trust: 1.1

sources: VULHUB: VHN-125651 // JVNDB: JVNDB-2018-013487 // NVD: CVE-2018-15396

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-188

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201810-188

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013487

PATCH

title:	cisco-sa-20181003-unity-dos	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-unity-dos	Trust: 0.8
title:	Cisco Unity Connection Bulk Administration Tool Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85402	Trust: 0.6

sources: JVNDB: JVNDB-2018-013487 // CNNVD: CNNVD-201810-188

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15396	Trust: 2.8
db:	SECTRACK	id:	1041782	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-013487	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-188	Trust: 0.7
db:	BID	id:	105824	Trust: 0.3
db:	VULHUB	id:	VHN-125651	Trust: 0.1

sources: VULHUB: VHN-125651 // BID: 105824 // JVNDB: JVNDB-2018-013487 // CNNVD: CNNVD-201810-188 // NVD: CVE-2018-15396

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-unity-dos	Trust: 2.0
url:	http://www.securitytracker.com/id/1041782	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15396	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15396	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-125651 // BID: 105824 // JVNDB: JVNDB-2018-013487 // CNNVD: CNNVD-201810-188 // NVD: CVE-2018-15396

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 105824

SOURCES

db:	VULHUB	id:	VHN-125651
db:	BID	id:	105824
db:	JVNDB	id:	JVNDB-2018-013487
db:	CNNVD	id:	CNNVD-201810-188
db:	NVD	id:	CVE-2018-15396

LAST UPDATE DATE

2024-08-14T14:19:47.129000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125651	date:	2019-10-09T00:00:00
db:	BID	id:	105824	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013487	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-188	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-15396	date:	2019-10-09T23:35:31.593

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125651	date:	2018-10-05T00:00:00
db:	BID	id:	105824	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-013487	date:	2019-02-21T00:00:00
db:	CNNVD	id:	CNNVD-201810-188	date:	2018-10-08T00:00:00
db:	NVD	id:	CVE-2018-15396	date:	2018-10-05T14:29:08.013