CVE-2015-0614
First published: Fri Apr 03 2015(Updated: )
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, 9.x before 9.1(2)SU2, and 10.0 before 10.0(1)SU1, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) via crafted SIP INVITE messages, aka Bug ID CSCul26267.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unity Connection | =8.5\(1\) | |
| Cisco Unity Connection | =8.5\(1\)su1 | |
| Cisco Unity Connection | =8.5\(1\)su2 | |
| Cisco Unity Connection | =8.5\(1\)su3 | |
| Cisco Unity Connection | =8.5\(1\)su4 | |
| Cisco Unity Connection | =8.5\(1\)su5 | |
| Cisco Unity Connection | =8.5\(1\)su6 | |
| Cisco Unity Connection | =8.5_base | |
| Cisco Unity Connection | =8.6\(1\) | |
| Cisco Unity Connection | =8.6\(1a\) | |
| Cisco Unity Connection | =8.6\(2\) | |
| Cisco Unity Connection | =8.6\(2a\) | |
| Cisco Unity Connection | =8.6\(2a\)su1 | |
| Cisco Unity Connection | =8.6\(2a\)su2 | |
| Cisco Unity Connection | =8.6\(2a\)su3 | |
| Cisco Unity Connection | =8.6_base | |
| Cisco Unity Connection | =9.0\(1\) | |
| Cisco Unity Connection | =9.1\(1\) | |
| Cisco Unity Connection | =9.1\(2\) | |
| Cisco Unity Connection | =10.0.0 | |
| Cisco Unity Connection | =10.0.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0614?
CVE-2015-0614 has a high severity and can lead to denial of service due to a core dump and restart of the affected Cisco Unity Connection process.
How do I fix CVE-2015-0614?
To fix CVE-2015-0614, upgrade your Cisco Unity Connection to the latest version specified in the security advisory.
Which versions of Cisco Unity Connection are affected by CVE-2015-0614?
CVE-2015-0614 affects Cisco Unity Connection versions prior to 8.5(1)SU7, 8.6(2a)SU4, 9.1(2)SU2, and 10.0(1)SU1.
Can CVE-2015-0614 be exploited remotely?
Yes, CVE-2015-0614 can be exploited remotely when SIP trunk integration is enabled.
What should I do if I cannot update to a fixed version for CVE-2015-0614?
If you cannot update to a fixed version for CVE-2015-0614, consider implementing network segmentation and access controls to limit exposure to the vulnerability.
- collector/nvd-index
- agent/author
- agent/severity
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/description
- vendor/cisco
- canonical/cisco unity connection
- version/cisco unity connection/8.5\(1\)
- version/cisco unity connection/8.5\(1\)su1
- version/cisco unity connection/8.5\(1\)su2
- version/cisco unity connection/8.5\(1\)su3
- version/cisco unity connection/8.5\(1\)su4
- version/cisco unity connection/8.5\(1\)su5
- version/cisco unity connection/8.5\(1\)su6
- version/cisco unity connection/8.5_base
- version/cisco unity connection/8.6\(1\)
- version/cisco unity connection/8.6\(1a\)
- version/cisco unity connection/8.6\(2\)
- version/cisco unity connection/8.6\(2a\)
- version/cisco unity connection/8.6\(2a\)su1
- version/cisco unity connection/8.6\(2a\)su2
- version/cisco unity connection/8.6\(2a\)su3
- version/cisco unity connection/8.6_base
- version/cisco unity connection/9.0\(1\)
- version/cisco unity connection/9.1\(1\)
- version/cisco unity connection/9.1\(2\)
- version/cisco unity connection/10.0.0
- version/cisco unity connection/10.0.5