CVE-2015-0612Improper Input Validation in Cisco Unity Connection

CWE-19CWE-20Improper Input ValidationCWE-3994 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 39.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Cisco Unity ConnectionCisco Unity Connection 8.5Cisco Unity Connection 8.6
Timeline
PublishedApr 3
Latest updateMay 17

Description

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU6, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (SIP outage) via a crafted UDP packet, aka Bug ID CSCuh25062.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages3 packages

NVDcisco/unity_connection16 versions+15

🔴Vulnerability Details

2
GHSA
GHSA-c6hr-xqr4-99rx: The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 82022-05-17
CVEList
CVE-2015-0612: The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 82015-04-03

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Unity Connection2015-04-01
CVE-2015-0612 — Improper Input Validation in Cisco | cvebase