CVE-2015-0615

Published: Apr 3, 2015Modified: May 6, 2026

7.1

Vector

AV:N/AC:M/Au:N/C:N/I:N/A:C

Exploitability: 8.6 / Impact: 6.9

Source: NVD

Description

The call-handling implementation in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (port consumption) by improperly terminating SIP sessions, aka Bug ID CSCul28089.

Affected (21)

Products: Cisco: Unity Connection

Cisco

1 product

Unity Connection

Configuration A

21 vulnerable

Vulnerable Software	Affected Versions
Cisco Unity Connection	Version 10.0.0
Cisco Unity Connection	Version 10.0.5
Cisco Unity Connection	Version 8.5(1)
Cisco Unity Connection	Version 8.5(1)su1
Cisco Unity Connection	Version 8.5(1)su2
Cisco Unity Connection	Version 8.5(1)su3
Cisco Unity Connection	Version 8.5(1)su4
Cisco Unity Connection	Version 8.5(1)su5
Cisco Unity Connection	Version 8.5(1)su6
Cisco Unity Connection	Version 8.5_base
Cisco Unity Connection	Version 8.6(1)
Cisco Unity Connection	Version 8.6(1a)
Cisco Unity Connection	Version 8.6(2)
Cisco Unity Connection	Version 8.6(2a)
Cisco Unity Connection	Version 8.6(2a)su1
Cisco Unity Connection	Version 8.6(2a)su2
Cisco Unity Connection	Version 8.6(2a)su3
Cisco Unity Connection	Version 8.6_base
Cisco Unity Connection	Version 9.0(1)
Cisco Unity Connection	Version 9.1(1)
Cisco Unity Connection	Version 9.1(2)

Related CWEs

CWE-19

References (4)

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1032010

Source: psirt@cisco.com

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150401-cuc

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1032010

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.