Vulnerability Details : CVE-2015-0612
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062.
Vulnerability category: Denial of service
Products affected by CVE-2015-0612
- cpe:2.3:a:cisco:unity_connection:8.5\(1\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.5\(1\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.6\(1a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.5\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.6\(2a\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:9.1\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:9.1\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.6\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.6\(2\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.5\(1\)su3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.5\(1\)su4:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.5\(1\)su5:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su2:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:9.0\(1\):*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su1:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection:8.6\(2a\)su3:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection_8.5:base:*:*:*:*:*:*:*
- cpe:2.3:a:cisco:unity_connection_8.6:base:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0612
0.19%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 55 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-0612
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.1
|
HIGH | AV:N/AC:M/Au:N/C:N/I:N/A:C |
8.6
|
6.9
|
NIST |
CWE ids for CVE-2015-0612
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-0612
-
http://www.securitytracker.com/id/1032010
Cisco Unity Connection SIP Trunk Integration Processing Flaws Let Remote Users Deny Service - SecurityTracker
-
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc
Multiple Vulnerabilities in Cisco Unity ConnectionVendor Advisory
Jump to