CVE-2015-0616

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	Vendor Advisory
http://www.securitytracker.com/id/1032010

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unity_connection:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su4:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su5:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su6:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5_base:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su1:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su2:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su3:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6_base:::::::*
	cpe:2.3:a:cisco:unity_connection:9.0\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:9.1\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:9.1\(2\):::::::*

History

No history.

Information

Published : 2015-04-03 18:59

Updated : 2023-12-10 11:31

NVD link : CVE-2015-0616

Mitre link : CVE-2015-0616

CVE.ORG link : CVE-2015-0616

JSON object : View

Products Affected

cisco

unity_connection

CWE

CWE-19

Data Processing Errors

{"id": "CVE-2015-0616", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-03T18:59:04.757", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032010", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-19"}]}], "descriptions": [{"lang": "en", "value": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819."}, {"lang": "es", "value": "El proceso Connection Conversation Manager (tambi\u00e9n conocido como CuCsMgr) en Cisco Unity Connection 8.5 anterior a 8.5(1)SU7, 8.6 anterior a 8.6(2a)SU4, y 9.x anterior a 9.1(2)SU2, cuando la integraci\u00f3n de SIP 'trunk' est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (volcado de n\u00facleo y reinicio) mediante la terminaci\u00f3n incorrecta de las conexiones TCP del protocolo de inicio de sesi\u00f3n (SIP), tambi\u00e9n conocido como Bug ID CSCul69819."}], "lastModified": "2015-09-29T19:31:33.927", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "101FCDD0-DC91-4111-975E-DE618D3B4E9A"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D386D8CD-D6EA-4705-ABDC-EA6558F5AC30"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4B1917B-197C-4E28-9356-2ACC4C4DB932"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5567A000-338E-40D7-9481-674B8FFC142D"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA991A88-D49E-4957-B404-6E3C15C96994"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BECA1F06-6FFD-4A0D-B140-B25E39FB8513"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ADCE50E-87C1-49D7-B127-92174327EAB4"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D11810A-80D7-41BB-B370-30218FF52F17"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C547C041-6C58-44D5-93D7-C02E04E93994"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C40F61A6-A992-4DA4-9730-D145055596C2"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78970987-BD6E-48A0-AF43-540C925E1F97"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "632B8CDD-5ACC-4FFB-950B-480CC43D192D"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7740A5EF-538E-4095-91F5-E4DC03EDB35B"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D805DD4A-269D-4399-B6BF-7F40F98C3BE0"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06A53BA-668B-41C0-B223-6637487EF113"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82B3ABB4-A33A-4886-9871-C24B33B3AEE2"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6793E1F6-DC57-4A13-B49D-0ED45E48426C"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CD06E4-0C09-4DD7-B106-56DC680CE333"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}