CVE-2015-0614Improper Input Validation in Cisco Unity Connection

CWE-19CWE-20Improper Input ValidationCWE-3994 documents4 sources
Severity
7.1HIGHNVD
EPSS
0.4%
top 39.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedApr 3
Latest updateMay 17

Description

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages1 packages

NVDcisco/unity_connection21 versions+20

🔴Vulnerability Details

2
GHSA
GHSA-3pc3-3mfc-x5vj: The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 82022-05-17
CVEList
CVE-2015-0614: The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 82015-04-03

📋Vendor Advisories

1
Cisco
Multiple Vulnerabilities in Cisco Unity Connection2015-04-01
CVE-2015-0614 — Improper Input Validation in Cisco | cvebase