Executive Summary
Summary | |
---|---|
Title | Multiple Vulnerabilities in Cisco Unity Connection |
Informations | |||
---|---|---|---|
Name | cisco-sa-20150401-cuc | First vendor Publication | 2015-04-01 |
Vendor | Cisco | Last vendor Modification | 2015-04-01 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 7.1 | Attack Range | Network |
Cvss Impact Score | 6.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Cisco Unity Connection contains multiple vulnerabilities, when it is configured with Session Initiation Protocol (SIP) trunk integration. The vulnerabilities described in this advisory are denial of service vulnerabilities impacting the availability of Cisco Unity Connection for processing SIP messages. Cisco has released free software updates that address these vulnerabilities. Workarounds that mitigate these vulnerabilities are not available. This advisory is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc BEGIN PGP SIGNATURE Version: GnuPG v1.4.5 (SunOS) iQIVAwUBVRthYopI1I6i1Mx3AQLsfQ/+JPtMJZeOiBGfZSKcJxtrnc+BeoKgtkvx gGdX0EOMa15GJRKRGg0tVgPs9L1zMjwk7agVD5Y+Bs0stPvKzHAsc8mJlX0y9CHD YHfBPnqLjiLHZF/Dke9O5TtetHR1GEn4p9dgUihb/ke7leR8Yl6V7oqvBw6CdWCG 0MOQoGb1sVzFqys+QcUuN7rNNI+rRnFqEciqqmuV8FIkO8H1epxgd3dFobo+aCqA nvtBsfS8/q7M+kNG31p+Qh1JAFkwFwLiUolJwZlEDDf6uWnm8aP5apKKkb8FXqls Cvb6xUag9QgqJrB0W99tWnNE3T1UEsAC5CKRSxbyMFi4y/kG85LIuk7/gNw67i/A zhCDmwAbfM/r+HX30vIcVH5KOtKlBxeUJCWidbDrFZb8UGsdCuGgMRCrNWaPz/p3 0Za4LVVT6zbwq6x4Zbuuhxp+5FoRMYXp5xeI5XILncEsBRCzzccwSNq1znOjrLtz 5Z1X+CGjmNoOOJxaQL+tJIHN7OKaS891d29Md74NsugrEOryETuAgNYrufQqx3xZ qY+brvbvCUuw0SbCtiKmzKLzh6VYhVWCWbgtAjto/rMFh4HVhvmQ9v/TUaJUM5ZC xxxBBVzWAxiJs+fCV3YOzV5XTXEHbUe+qzKRMdMMnnpZvHFWU2RyusuV53pmx9w6 tHCBgvscchI= =Yrq3 END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-19 | Data Handling |
CPE : Common Platform Enumeration
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2015-04-09 | IAVM : 2015-A-0070 - Multiple Denial of Service Vulnerabilities in Cisco Unity Connection Severity : Category I - VMSKEY : V0059849 |
Snort® IPS/IDS
Date | Description |
---|---|
2015-04-02 | Unity Conversation Manager record-route INVITE anomaly denial of service attempt RuleID : 34023 - Revision : 1 - Type : PROTOCOL-VOIP |
2015-04-02 | Cisco Unity Connection malformed contact header denial of service attempt RuleID : 34022 - Revision : 2 - Type : PROTOCOL-VOIP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2015-04-10 | Name : The version of Cisco Unity Connection installed on the remote host is affecte... File : cisco_uc_cisco-sa-20150401-cuc.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2015-10-18 17:22:08 |
|
2015-04-11 13:28:36 |
|
2015-04-06 21:30:50 |
|
2015-04-01 21:25:35 |
|