CVE-2015-0614

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.

CVSS v2.0 7.1 HIGH

7.1^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability : 8.6 / Impact : 6.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	Vendor Advisory
http://www.securitytracker.com/id/1032010

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:unity_connection:8.5\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su1:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su2:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su3:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su4:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su5:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5\(1\)su6:::::::*
	cpe:2.3:a:cisco:unity_connection:8.5_base:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(1a\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\):::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su1:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su2:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su3:::::::*
	cpe:2.3:a:cisco:unity_connection:8.6_base:::::::*
	cpe:2.3:a:cisco:unity_connection:9.0\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:9.1\(1\):::::::*
	cpe:2.3:a:cisco:unity_connection:9.1\(2\):::::::*
	cpe:2.3:a:cisco:unity_connection:10.0.0:::::::*
	cpe:2.3:a:cisco:unity_connection:10.0.5:::::::*

History

No history.

Information

Published : 2015-04-03 18:59

Updated : 2024-02-28 12:20

NVD link : CVE-2015-0614

Mitre link : CVE-2015-0614

CVE.ORG link : CVE-2015-0614

JSON object : View

Products Affected

cisco

unity_connection

CWE

CWE-19

Data Processing Errors

{"id": "CVE-2015-0614", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-04-03T18:59:02.693", "references": [{"url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "http://www.securitytracker.com/id/1032010", "source": "ykramarz@cisco.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-19"}]}], "descriptions": [{"lang": "en", "value": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267."}, {"lang": "es", "value": "El proceso Connection Conversation Manager (tambi\u00e9n conocido como CuCsMgr) en Cisco Unity Connection 8.5 anterior a 8.5(1)SU7, 8.6 anterior a 8.6(2a)SU4, 9.x anterior a 9.1(2)SU2, y 10.0 anterior a 10.0(1)SU1, cuando la integraci\u00f3n SIP 'trunk' est\u00e1 habilitada, permite a atacantes remotos causar una denegaci\u00f3n de servicio (volcado de n\u00facleo y reinicio) a trav\u00e9s de mensajes SIP INVITE manipulados, tambi\u00e9n conocido como Bug ID CSCul26267."}], "lastModified": "2015-09-29T19:32:18.487", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "101FCDD0-DC91-4111-975E-DE618D3B4E9A"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D386D8CD-D6EA-4705-ABDC-EA6558F5AC30"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D4B1917B-197C-4E28-9356-2ACC4C4DB932"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5567A000-338E-40D7-9481-674B8FFC142D"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AA991A88-D49E-4957-B404-6E3C15C96994"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BECA1F06-6FFD-4A0D-B140-B25E39FB8513"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ADCE50E-87C1-49D7-B127-92174327EAB4"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D11810A-80D7-41BB-B370-30218FF52F17"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C547C041-6C58-44D5-93D7-C02E04E93994"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C40F61A6-A992-4DA4-9730-D145055596C2"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78970987-BD6E-48A0-AF43-540C925E1F97"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "632B8CDD-5ACC-4FFB-950B-480CC43D192D"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7740A5EF-538E-4095-91F5-E4DC03EDB35B"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D805DD4A-269D-4399-B6BF-7F40F98C3BE0"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A06A53BA-668B-41C0-B223-6637487EF113"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82B3ABB4-A33A-4886-9871-C24B33B3AEE2"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6793E1F6-DC57-4A13-B49D-0ED45E48426C"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "50CD06E4-0C09-4DD7-B106-56DC680CE333"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BA2751A8-A3CF-4CC7-A7F2-003165C1AEDB"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:10.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A49C1C0B-4B2A-4F13-996D-E3ED1F96C2A6"}, {"criteria": "cpe:2.3:a:cisco:unity_connection:10.0.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5CC8FF5-F0FA-41E8-AD78-D277AB9776DB"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}