ID CISCO-SA-20150401-CUCType ciscoReporter CiscoModified 2015-04-01T16:00:00
Description
Cisco Unity Connection contains multiple vulnerabilities, when it is configured with Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP messages.
Cisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc"]
{"id": "CISCO-SA-20150401-CUC", "vendorId": null, "type": "cisco", "bulletinFamily": "software", "title": "Multiple Vulnerabilities in Cisco Unity Connection", "description": "Cisco Unity Connection contains multiple vulnerabilities, when it is configured with Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP messages.\n\n \n\nCisco has released software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available.\n\nThis advisory is available at the following link:\n\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc[\"http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc\"]", "published": "2015-04-01T16:00:00", "modified": "2015-04-01T16:00:00", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc", "reporter": "Cisco", "references": ["http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc"], "cvelist": ["CVE-2015-0612", "CVE-2015-0613", "CVE-2015-0614", "CVE-2015-0615", "CVE-2015-0616"], "immutableFields": [], "lastseen": "2022-03-12T03:51:15", "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2015-0612", "CVE-2015-0613", "CVE-2015-0614", "CVE-2015-0615", "CVE-2015-0616"]}, {"type": "kaspersky", "idList": ["KLA10532"]}, {"type": "nessus", "idList": ["CISCO_UC_CISCO-SA-20150401-CUC.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14364"]}], "rev": 4}, "score": {"value": 6.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2015-0612", "CVE-2015-0613", "CVE-2015-0614", "CVE-2015-0615", "CVE-2015-0616"]}, {"type": "kaspersky", "idList": ["KLA10532"]}, {"type": "nessus", "idList": ["CISCO_UC_CISCO-SA-20150401-CUC.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:14364"]}]}, "exploitation": null, "vulnersScore": 6.7}, "_state": {"dependencies": 1647294868}, "_internal": {}, "affectedSoftware": [{"version": "any", "operator": "eq", "name": "cisco unity connection"}, {"version": "any", "operator": "eq", "name": "cisco unity connection"}], "vendorCvss": {"score": "7.1", "severity": "high"}}
{"nessus": [{"lastseen": "2021-08-19T12:46:14", "description": "The version of Cisco Unity Connection installed on the remote host is 8.5 prior to 8.5(1)SU7 / 8.6 prior to 8.6(2a)SU4 / 9.x prior to 9.1(2)SU2 / 10.x prior to 10.0(1)SU1. It is, therefore, affected by multiple denial of service vulnerabilities :\n\n - A denial of service vulnerability exists in the Connection Conversation Manager (CuCsMgr) due to incorrect processing of specific UDP packets. An unauthenticated, remote attacker can exploit this issue by sending a specific UDP packet to the configured SIP trunk, resulting in the closure of the SIP port and the inability to process any further calls.\n (CVE-2015-0612)\n\n - A denial of service vulnerability exists in the Connection Conversation Manager (CuCsMgr) due to incorrect processing of SIP INVITE messages. An unauthenticated, remote attacker can exploit this, via specially crafted SIP INVITE messages, to trigger a core dump of the CuCsMgr process. (CVE-2015-0613)\n\n - A denial of service vulnerability exists in the Connection Conversation Manager (CuCsMgr) due to incorrect processing of SIP INVITE messages. An unauthenticated, remote attacker can exploit this, via specially crafted SIP INVITE messages, to trigger a core dump of the CuCsMgr process. (CVE-2015-0614)\n\n - A denial of service vulnerability exists in the SIP call handling code due to a failure to release allocated resources under specific connection scenarios. An unauthenticated, remote attacker can exploit this issue by abnormally terminating a SIP session, resulting in the consumption of all available SIP ports thus preventing further connections. (CVE-2015-0615)\n\n - A denial of service vulnerability exists in the Connection Conversation Manager (CuCsMgr) due to improper handling of incorrectly terminated SIP conversations. An unauthenticated, remote attacker can exploit this issue by abnormally terminating a SIP connection, triggering a core dump of the CuCsMgr process. (CVE-2015-0616)\n\nNote that Cisco bug ID CSCuh25062 (CVE-2015-0612) does not affect the 10.0.x branch.\n\nFurther note that Cisco bug ID CSCuh25062 (CVE-2015-0612) is corrected in version 8.5(1)SU6 for the 8.5.x branch. However, version 8.5(1)SU6 is still affected by the other vulnerabilities.", "cvss3": {"score": null, "vector": null}, "published": "2015-04-10T00:00:00", "type": "nessus", "title": "Cisco Unity Connection Multiple Remote DoS (cisco-sa-20150401-cuc)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-0612", "CVE-2015-0613", "CVE-2015-0614", "CVE-2015-0615", "CVE-2015-0616"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:cisco:unity_connection"], "id": "CISCO_UC_CISCO-SA-20150401-CUC.NASL", "href": "https://www.tenable.com/plugins/nessus/82702", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(82702);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2018/11/15 20:50:20\");\n\n script_cve_id(\n \"CVE-2015-0612\",\n \"CVE-2015-0613\",\n \"CVE-2015-0614\",\n \"CVE-2015-0615\",\n \"CVE-2015-0616\"\n );\n script_bugtraq_id(73476);\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCuh25062\");\n script_xref(name:\"IAVA\", value:\"2015-A-0070\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCul20444\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCul26267\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCul28089\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCul69819\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-20150401-cuc\");\n\n script_name(english:\"Cisco Unity Connection Multiple Remote DoS (cisco-sa-20150401-cuc)\");\n script_summary(english:\"Checks the Cisco Unity Connection version.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Cisco Unity Connection installed on the remote host is\naffected by multiple denial of service vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco Unity Connection installed on the remote host is\n8.5 prior to 8.5(1)SU7 / 8.6 prior to 8.6(2a)SU4 / 9.x prior to\n9.1(2)SU2 / 10.x prior to 10.0(1)SU1. It is, therefore, affected by\nmultiple denial of service vulnerabilities :\n\n - A denial of service vulnerability exists in the\n Connection Conversation Manager (CuCsMgr) due to\n incorrect processing of specific UDP packets. An\n unauthenticated, remote attacker can exploit this issue\n by sending a specific UDP packet to the configured SIP\n trunk, resulting in the closure of the SIP port and\n the inability to process any further calls.\n (CVE-2015-0612)\n\n - A denial of service vulnerability exists in the\n Connection Conversation Manager (CuCsMgr) due to\n incorrect processing of SIP INVITE messages. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted SIP INVITE messages, to trigger a core\n dump of the CuCsMgr process. (CVE-2015-0613)\n\n - A denial of service vulnerability exists in the\n Connection Conversation Manager (CuCsMgr) due to\n incorrect processing of SIP INVITE messages. An\n unauthenticated, remote attacker can exploit this, via\n specially crafted SIP INVITE messages, to trigger a core\n dump of the CuCsMgr process. (CVE-2015-0614)\n\n - A denial of service vulnerability exists in the SIP call\n handling code due to a failure to release allocated\n resources under specific connection scenarios. An\n unauthenticated, remote attacker can exploit this issue\n by abnormally terminating a SIP session, resulting in\n the consumption of all available SIP ports thus\n preventing further connections. (CVE-2015-0615)\n\n - A denial of service vulnerability exists in the\n Connection Conversation Manager (CuCsMgr) due to\n improper handling of incorrectly terminated SIP\n conversations. An unauthenticated, remote attacker can\n exploit this issue by abnormally terminating a SIP\n connection, triggering a core dump of the CuCsMgr\n process. (CVE-2015-0616)\n\nNote that Cisco bug ID CSCuh25062 (CVE-2015-0612) does not affect the\n10.0.x branch.\n\nFurther note that Cisco bug ID CSCuh25062 (CVE-2015-0612) is corrected\nin version 8.5(1)SU6 for the 8.5.x branch. However, version 8.5(1)SU6\nis still affected by the other vulnerabilities.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d3846cf2\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=37806\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=37807\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=37834\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=37808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://tools.cisco.com/security/center/viewAlert.x?alertId=37809\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Cisco Unity Connection 8.5(1)SU7 / 8.6(2a)SU4 / 9.1(2)SU2 /\n10.0(1)SU1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/04/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/04/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:unity_connection\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"cisco_uc_version.nasl\");\n script_require_keys(\"Host/Cisco/Unity_Connection/Version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"Host/Cisco/Unity_Connection/Version\");\n\n# version char '-' converted to '.' in ssh_get_info.nasl\nif (version =~ \"^8\\.5(\\.|$)\") fix = \"8.5.1.17900\";\nelse if (version =~ \"^8\\.6(\\.|$)\") fix = \"8.6.2.24900\";\nelse if (version =~ \"^9\\.[01](\\.|$)\") fix = \"9.1.2.12900\";\nelse if (version =~ \"^10\\.0(\\.|$)\") fix = \"10.0.1.11900\";\nelse fix = \"8.5.1.17900\";\n\nif (ver_compare(ver:version, fix:fix, strict:FALSE) < 0)\n{\n if (report_verbosity > 0)\n {\n report =\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:0, extra:report);\n }\n else security_hole(0);\n}\nelse audit(AUDIT_INST_VER_NOT_VULN, \"Cisco Unity Connection\", version);\n", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "securityvulns": [{"lastseen": "2021-06-08T19:15:17", "bulletinFamily": "software", "cvelist": ["CVE-2015-0615", "CVE-2015-0613", "CVE-2015-0614", "CVE-2015-0612", "CVE-2015-0616"], "description": "Multiple DoS conditions.", "edition": 2, "modified": "2015-04-09T00:00:00", "published": "2015-04-09T00:00:00", "id": "SECURITYVULNS:VULN:14364", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:14364", "title": "Cisco Unity Connection multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}}], "kaspersky": [{"lastseen": "2021-08-18T11:25:48", "description": "### *Detect date*:\n04/03/2015\n\n### *Severity*:\nHigh\n\n### *Description*:\nAn unspecified vulnerabilities were found in Cisco Unity Connector. By exploiting these vulnerabilities malicious users can cause denial of service. These vulnerabilities can be exploited remotely via SIP messages, sessions and connections manipulation.\n\n### *Affected products*:\nCisco Unity Connection 8.5 versions earlier than 8.5(1)SU7 \nCisco Unity Connection 8.6 versions earlier than 8.6(2a)SU4 \nCisco Unity Connection 9 versions earlier than 9.1(2)SU2 \nCisco Unity Connection 10.0 versions earlier than 10.0(1)SU1\n\n### *Solution*:\nWait for solution by vendor or reconfigure your instance to disable SIP trunk integration\n\n### *Original advisories*:\n[Cisco advisory](<http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc>) \n\n\n### *Impacts*:\nDoS \n\n### *Related products*:\n[Cisco Unity Connector](<https://threats.kaspersky.com/en/product/Cisco-Unity-Connector/>)\n\n### *CVE-IDS*:\n[CVE-2015-0614](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0614>)7.1High \n[CVE-2015-0615](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0615>)7.1High \n[CVE-2015-0616](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0616>)7.1High \n[CVE-2015-0612](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0612>)7.1High \n[CVE-2015-0613](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0613>)7.1High", "cvss3": {}, "published": "2015-04-03T00:00:00", "type": "kaspersky", "title": "KLA10532 Denial of service vulnerabilities in Cisco Unity Connection", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0612", "CVE-2015-0613", "CVE-2015-0614", "CVE-2015-0615", "CVE-2015-0616"], "modified": "2020-06-03T00:00:00", "id": "KLA10532", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10532/", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}}], "cve": [{"lastseen": "2022-03-23T11:41:08", "description": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062.", "cvss3": {}, "published": "2015-04-03T18:59:00", "type": "cve", "title": "CVE-2015-0612", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0612"], "modified": "2015-09-29T19:32:00", "cpe": ["cpe:/a:cisco:unity_connection:8.5\\(1\\)su2", "cpe:/a:cisco:unity_connection_8.5:base", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su5", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)", "cpe:/a:cisco:unity_connection:8.6\\(1\\)", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su1", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su1", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su3", "cpe:/a:cisco:unity_connection:9.1\\(2\\)", "cpe:/a:cisco:unity_connection:8.6\\(1a\\)", "cpe:/a:cisco:unity_connection:9.1\\(1\\)", "cpe:/a:cisco:unity_connection:9.0\\(1\\)", "cpe:/a:cisco:unity_connection:8.6\\(2\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su4", "cpe:/a:cisco:unity_connection:8.5\\(1\\)", "cpe:/a:cisco:unity_connection_8.6:base", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su3"], "id": "CVE-2015-0612", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0612", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection_8.5:base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection_8.6:base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:41:11", "description": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.", "cvss3": {}, "published": "2015-04-03T18:59:00", "type": "cve", "title": "CVE-2015-0614", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0614"], "modified": "2015-09-29T19:32:00", "cpe": ["cpe:/a:cisco:unity_connection:8.5\\(1\\)su5", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su3", "cpe:/a:cisco:unity_connection:10.0.0", "cpe:/a:cisco:unity_connection:8.6\\(1a\\)", "cpe:/a:cisco:unity_connection:8.6_base", "cpe:/a:cisco:unity_connection:8.6\\(2\\)", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su1", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su4", "cpe:/a:cisco:unity_connection:8.5_base", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su1", "cpe:/a:cisco:unity_connection:10.0.5", "cpe:/a:cisco:unity_connection:9.0\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su3", "cpe:/a:cisco:unity_connection:9.1\\(2\\)", "cpe:/a:cisco:unity_connection:9.1\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su6", "cpe:/a:cisco:unity_connection:8.5\\(1\\)"], "id": "CVE-2015-0614", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0614", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:10.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:41:11", "description": "The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089.", "cvss3": {}, "published": "2015-04-03T18:59:00", "type": "cve", "title": "CVE-2015-0615", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0615"], "modified": "2015-09-29T19:31:00", "cpe": ["cpe:/a:cisco:unity_connection:8.5\\(1\\)su5", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su3", "cpe:/a:cisco:unity_connection:10.0.0", "cpe:/a:cisco:unity_connection:8.6\\(1a\\)", "cpe:/a:cisco:unity_connection:8.6_base", "cpe:/a:cisco:unity_connection:8.6\\(2\\)", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su1", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su4", "cpe:/a:cisco:unity_connection:8.5_base", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su1", "cpe:/a:cisco:unity_connection:10.0.5", "cpe:/a:cisco:unity_connection:9.0\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su3", "cpe:/a:cisco:unity_connection:9.1\\(2\\)", "cpe:/a:cisco:unity_connection:9.1\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su6", "cpe:/a:cisco:unity_connection:8.5\\(1\\)"], "id": "CVE-2015-0615", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0615", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:10.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:41:09", "description": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul20444.", "cvss3": {}, "published": "2015-04-03T18:59:00", "type": "cve", "title": "CVE-2015-0613", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0613"], "modified": "2015-09-29T19:32:00", "cpe": ["cpe:/a:cisco:unity_connection:8.5\\(1\\)su5", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su3", "cpe:/a:cisco:unity_connection:10.0.0", "cpe:/a:cisco:unity_connection:8.6\\(1a\\)", "cpe:/a:cisco:unity_connection:8.6_base", "cpe:/a:cisco:unity_connection:8.6\\(2\\)", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su1", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su4", "cpe:/a:cisco:unity_connection:8.5_base", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su1", "cpe:/a:cisco:unity_connection:10.0.5", "cpe:/a:cisco:unity_connection:9.0\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su3", "cpe:/a:cisco:unity_connection:9.1\\(2\\)", "cpe:/a:cisco:unity_connection:9.1\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su6", "cpe:/a:cisco:unity_connection:8.5\\(1\\)"], "id": "CVE-2015-0613", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0613", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:10.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:10.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:41:13", "description": "The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819.", "cvss3": {}, "published": "2015-04-03T18:59:00", "type": "cve", "title": "CVE-2015-0616", "cwe": ["CWE-19"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.1, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-0616"], "modified": "2015-09-29T19:31:00", "cpe": ["cpe:/a:cisco:unity_connection:8.5\\(1\\)su5", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su3", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(1a\\)", "cpe:/a:cisco:unity_connection:8.6_base", "cpe:/a:cisco:unity_connection:8.6\\(2\\)", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su2", "cpe:/a:cisco:unity_connection:8.6\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su1", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su4", "cpe:/a:cisco:unity_connection:8.5_base", "cpe:/a:cisco:unity_connection:8.6\\(2a\\)su1", "cpe:/a:cisco:unity_connection:9.0\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su3", "cpe:/a:cisco:unity_connection:9.1\\(2\\)", "cpe:/a:cisco:unity_connection:9.1\\(1\\)", "cpe:/a:cisco:unity_connection:8.5\\(1\\)su6", "cpe:/a:cisco:unity_connection:8.5\\(1\\)"], "id": "CVE-2015-0616", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0616", "cvss": {"score": 7.1, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:C"}, "cpe23": ["cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su6:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su4:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su2:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su5:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(1a\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.1\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6\\(2a\\)su1:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.6_base:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su3:*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:9.0\\(1\\):*:*:*:*:*:*:*", "cpe:2.3:a:cisco:unity_connection:8.5\\(1\\)su2:*:*:*:*:*:*:*"]}]}
