CVE-2015-0612

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	Vendor Advisory
http://www.securitytracker.com/id/1032010

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unity_connection:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su4:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su5:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su1:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su2:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su3:::::::*
	cpe:2.3:a:cisco:unity_connection:9.0\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:9.1\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:9.1\(2\):::::::*
	cpe:2.3:a:cisco:unity_connection_8.5:base:::::::*
	cpe:2.3:a:cisco:unity_connection_8.6:base:::::::*

History

No history.

Information

Published : 2015-04-03 18:59

Updated : 2023-12-10 11:31

NVD link : CVE-2015-0612

Mitre link : CVE-2015-0612

CVE.ORG link : CVE-2015-0612

JSON object : View

Products Affected

cisco

unity_connection_8.6
unity_connection_8.5
unity_connection

CWE

CWE-19

Data Processing Errors

{"id": "CVE-2015-0612", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-03T18:59:00.067", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032010", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-19"}]}], "descriptions": [{"lang": "en", "value": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062."}, {"lang": "es", "value": "El proceso Connection Conversation Manager (tambi\u00e9n conocido como CuCsMgr) en Cisco Unity Connection 8.5 anterior a 8.5(1)SU6, 8.6 anterior a 8.6(2a)SU4, y 9.x anterior a 9.1(2)SU2, cuando la integraci\u00f3n SIP 'trunk' est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (interrupci\u00f3n del SIP) a trav\u00e9s de un paquete UDP manipulado, tambi\u00e9n conocido como Bug ID CSCuh25062."}], "lastModified": "2015-09-29T19:32:57.033", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "101FCDD0-DC91-4111-975E-DE618D3B4E9A"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D386D8CD-D6EA-4705-ABDC-EA6558F5AC30"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4B1917B-197C-4E28-9356-2ACC4C4DB932"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5567A000-338E-40D7-9481-674B8FFC142D"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA991A88-D49E-4957-B404-6E3C15C96994"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BECA1F06-6FFD-4A0D-B140-B25E39FB8513"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C547C041-6C58-44D5-93D7-C02E04E93994"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C40F61A6-A992-4DA4-9730-D145055596C2"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78970987-BD6E-48A0-AF43-540C925E1F97"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "632B8CDD-5ACC-4FFB-950B-480CC43D192D"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7740A5EF-538E-4095-91F5-E4DC03EDB35B"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D805DD4A-269D-4399-B6BF-7F40F98C3BE0"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06A53BA-668B-41C0-B223-6637487EF113"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6793E1F6-DC57-4A13-B49D-0ED45E48426C"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CD06E4-0C09-4DD7-B106-56DC680CE333"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB"}, {"criteria": "cpe:2.3:a:cisco:unity_connection_8.5:base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "281886E5-AD01-410C-9014-167AF095CBD5"}, {"criteria": "cpe:2.3:a:cisco:unity_connection_8.6:base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E2B7575D-4518-4654-8EF9-DEC16A151F82"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}