CVE-2018-15396

CWE-399CWE-400Uncontrolled Resource Consumption4 documents4 sources
Severity
6.8MEDIUM
EPSS
0.6%
top 30.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Unity ConnectionCisco Unity Connection
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HExploitability: 2.3 | Impact: 4.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-fvmw-88r5-vrp4: A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk util2022-05-13
CVEList
Cisco Unity Connection File Upload Denial of Service Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco Unity Connection File Upload Denial of Service Vulnerability2018-10-03
CVE-2018-15396 (MEDIUM CVSS 6.8) | A vulnerability in the Bulk Adminis | cvebase.io