cnvd - cnvd-2015-02212

cnvd-2015-02212

Vulnerability from cnvd

Title

Cisco Unity Connection SIP中继集成特制INVITE消息拒绝服务漏洞（CNVD-2015-02212）

Description

Cisco Unity Connection是一个功能丰富的语音留言平台，采用Linux统一通信操作系统。 Cisco Unity Connection的Connection Conversation Manager (CuCsMgr)进程存在安全漏洞。允许未经身份验证的远程攻击者通过发送构造的SIP INVITE消息到受影响设备，触发CuCsMgr磁芯信息转储，导致拒绝服务。

Severity

高

Patch Name

Cisco Unity Connection SIP中继集成特制INVITE消息拒绝服务漏洞（CNVD-2015-02212）的补丁

Patch Description

Cisco Unity Connection是一个功能丰富的语音留言平台，采用Linux统一通信操作系统。Cisco Unity Connection的Connection Conversation Manager (CuCsMgr)进程存在安全漏洞。允许未经身份验证的远程攻击者通过发送构造的SIP INVITE消息到受影响设备，触发CuCsMgr磁芯信息转储，导致拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

Cisco已经为此发布了一个安全公告（cisco-sa-20150401-cuc）以及相应补丁: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc

Reference

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0614

Impacted products

Name
['Cisco Unity Connection 8.5(<8.5(1)SU7)', 'Cisco Unity Connection 8.6(<8.6(2a)SU4)', 'Cisco Unity Connection 9.x(<9.1(2)SU2)', 'Cisco Unity Connection 10.0(<10.0(1)SU1)']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0614"
    }
  },
  "description": "Cisco Unity Connection\u662f\u4e00\u4e2a\u529f\u80fd\u4e30\u5bcc\u7684\u8bed\u97f3\u7559\u8a00\u5e73\u53f0\uff0c\u91c7\u7528Linux\u7edf\u4e00\u901a\u4fe1\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nCisco Unity Connection\u7684Connection Conversation Manager (CuCsMgr)\u8fdb\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u53d1\u9001\u6784\u9020\u7684SIP INVITE\u6d88\u606f\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\uff0c\u89e6\u53d1CuCsMgr\u78c1\u82af\u4fe1\u606f\u8f6c\u50a8\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Cisco",
  "formalWay": "Cisco\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08cisco-sa-20150401-cuc\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02212",
  "openTime": "2015-04-08",
  "patchDescription": "Cisco Unity Connection\u662f\u4e00\u4e2a\u529f\u80fd\u4e30\u5bcc\u7684\u8bed\u97f3\u7559\u8a00\u5e73\u53f0\uff0c\u91c7\u7528Linux\u7edf\u4e00\u901a\u4fe1\u64cd\u4f5c\u7cfb\u7edf\u3002Cisco Unity Connection\u7684Connection Conversation Manager (CuCsMgr)\u8fdb\u7a0b\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u5141\u8bb8\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u8fdc\u7a0b\u653b\u51fb\u8005\u901a\u8fc7\u53d1\u9001\u6784\u9020\u7684SIP INVITE\u6d88\u606f\u5230\u53d7\u5f71\u54cd\u8bbe\u5907\uff0c\u89e6\u53d1CuCsMgr\u78c1\u82af\u4fe1\u606f\u8f6c\u50a8\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco Unity Connection SIP\u4e2d\u7ee7\u96c6\u6210\u7279\u5236INVITE\u6d88\u606f\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-02212\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Cisco Unity Connection 8.5(\u003c8.5(1)SU7)",
      "Cisco Unity Connection 8.6(\u003c8.6(2a)SU4)",
      "Cisco Unity Connection 9.x(\u003c9.1(2)SU2)",
      "Cisco Unity Connection 10.0(\u003c10.0(1)SU1)"
    ]
  },
  "referenceLink": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0614",
  "serverity": "\u9ad8",
  "submitTime": "2015-04-06",
  "title": "Cisco Unity Connection SIP\u4e2d\u7ee7\u96c6\u6210\u7279\u5236INVITE\u6d88\u606f\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-02212\uff09"
}

CVE-2015-0614 (GCVE-0-2015-0614)

Vulnerability from cvelistv5

Published

2015-04-03 18:00

Modified

2024-08-06 04:17

Severity ?

CWE

Summary

The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.

References

URL

Tags

	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc	vendor-advisory, x_refsource_CISCO
	http://www.securitytracker.com/id/1032010	vdb-entry, x_refsource_SECTRACK