Cisco Unity Connection Multiple Remote DoS (cisco-sa-20150401-cuc)

high Nessus Plugin ID 82702

Synopsis

The version of Cisco Unity Connection installed on the remote host is affected by multiple denial of service vulnerabilities.

Description

The version of Cisco Unity Connection installed on the remote host is 8.5 prior to 8.5(1)SU7 / 8.6 prior to 8.6(2a)SU4 / 9.x prior to 9.1(2)SU2 / 10.x prior to 10.0(1)SU1. It is, therefore, affected by multiple denial of service vulnerabilities :

- A denial of service vulnerability exists in the Connection Conversation Manager (CuCsMgr) due to incorrect processing of specific UDP packets. An unauthenticated, remote attacker can exploit this issue by sending a specific UDP packet to the configured SIP trunk, resulting in the closure of the SIP port and the inability to process any further calls.
(CVE-2015-0612)

- A denial of service vulnerability exists in the Connection Conversation Manager (CuCsMgr) due to incorrect processing of SIP INVITE messages. An unauthenticated, remote attacker can exploit this, via specially crafted SIP INVITE messages, to trigger a core dump of the CuCsMgr process. (CVE-2015-0613)

- A denial of service vulnerability exists in the Connection Conversation Manager (CuCsMgr) due to incorrect processing of SIP INVITE messages. An unauthenticated, remote attacker can exploit this, via specially crafted SIP INVITE messages, to trigger a core dump of the CuCsMgr process. (CVE-2015-0614)

- A denial of service vulnerability exists in the SIP call handling code due to a failure to release allocated resources under specific connection scenarios. An unauthenticated, remote attacker can exploit this issue by abnormally terminating a SIP session, resulting in the consumption of all available SIP ports thus preventing further connections. (CVE-2015-0615)

- A denial of service vulnerability exists in the Connection Conversation Manager (CuCsMgr) due to improper handling of incorrectly terminated SIP conversations. An unauthenticated, remote attacker can exploit this issue by abnormally terminating a SIP connection, triggering a core dump of the CuCsMgr process. (CVE-2015-0616)

Note that Cisco bug ID CSCuh25062 (CVE-2015-0612) does not affect the 10.0.x branch.

Further note that Cisco bug ID CSCuh25062 (CVE-2015-0612) is corrected in version 8.5(1)SU6 for the 8.5.x branch. However, version 8.5(1)SU6 is still affected by the other vulnerabilities.

Solution

Upgrade to Cisco Unity Connection 8.5(1)SU7 / 8.6(2a)SU4 / 9.1(2)SU2 / 10.0(1)SU1 or later.

See Also

http://www.nessus.org/u?d3846cf2

https://tools.cisco.com/security/center/viewAlert.x?alertId=37806

https://tools.cisco.com/security/center/viewAlert.x?alertId=37807

https://tools.cisco.com/security/center/viewAlert.x?alertId=37834

https://tools.cisco.com/security/center/viewAlert.x?alertId=37808

https://tools.cisco.com/security/center/viewAlert.x?alertId=37809

Plugin Details

Severity: High

ID: 82702

File Name: cisco_uc_cisco-sa-20150401-cuc.nasl

Version: 1.6

Type: local

Family: CISCO

Published: 4/10/2015

Updated: 11/15/2018

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: High

Base Score: 7.1

Temporal Score: 5.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C

Temporal Vector: E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:cisco:unity_connection

Required KB Items: Host/Cisco/Unity_Connection/Version

Exploit Ease: No known exploits are available

Patch Publication Date: 4/1/2015

Vulnerability Publication Date: 4/1/2015

Reference Information

CVE: CVE-2015-0612, CVE-2015-0613, CVE-2015-0614, CVE-2015-0615, CVE-2015-0616

BID: 73476

CISCO-BUG-ID: CSCuh25062, CSCul20444, CSCul26267, CSCul28089, CSCul69819

IAVA: 2015-A-0070

CISCO-SA: cisco-sa-20150401-cuc