CVE-2015-0616
First published: Fri Apr 03 2015(Updated: )
The Connection Conversation Manager (aka CuCsMgr) process in Cisco Unity Connection 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2, when SIP trunk integration is enabled, allows remote attackers to cause a denial of service (core dump and restart) by improperly terminating SIP TCP connections, aka Bug ID CSCul69819.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Unity Connection | =8.5\(1\) | |
| Cisco Unity Connection | =8.5\(1\)su1 | |
| Cisco Unity Connection | =8.5\(1\)su2 | |
| Cisco Unity Connection | =8.5\(1\)su3 | |
| Cisco Unity Connection | =8.5\(1\)su4 | |
| Cisco Unity Connection | =8.5\(1\)su5 | |
| Cisco Unity Connection | =8.5\(1\)su6 | |
| Cisco Unity Connection | =8.5_base | |
| Cisco Unity Connection | =8.6\(1\) | |
| Cisco Unity Connection | =8.6\(1a\) | |
| Cisco Unity Connection | =8.6\(2\) | |
| Cisco Unity Connection | =8.6\(2a\) | |
| Cisco Unity Connection | =8.6\(2a\)su1 | |
| Cisco Unity Connection | =8.6\(2a\)su2 | |
| Cisco Unity Connection | =8.6\(2a\)su3 | |
| Cisco Unity Connection | =8.6_base | |
| Cisco Unity Connection | =9.0\(1\) | |
| Cisco Unity Connection | =9.1\(1\) | |
| Cisco Unity Connection | =9.1\(2\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-0616?
CVE-2015-0616 has been classified as a high severity vulnerability due to its potential to cause denial of service.
How do I fix CVE-2015-0616?
To fix CVE-2015-0616, you should upgrade your Cisco Unity Connection software to the recommended versions that include the security patches.
What happens if CVE-2015-0616 is exploited?
If CVE-2015-0616 is exploited, it could allow remote attackers to crash the system, resulting in a core dump and restart of the affected service.
Which Cisco Unity Connection versions are vulnerable to CVE-2015-0616?
CVE-2015-0616 affects Cisco Unity Connection versions 8.5 before 8.5(1)SU7, 8.6 before 8.6(2a)SU4, and 9.x before 9.1(2)SU2.
Is there a workaround for CVE-2015-0616 until I can apply a patch?
Currently, there is no specific workaround for CVE-2015-0616; applying the recommended updates is the most effective mitigation.
- collector/nvd-index
- agent/severity
- agent/references
- agent/weakness
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/first-publish-date
- vendor/cisco
- canonical/cisco unity connection
- version/cisco unity connection/8.5\(1\)
- version/cisco unity connection/8.5\(1\)su1
- version/cisco unity connection/8.5\(1\)su2
- version/cisco unity connection/8.5\(1\)su3
- version/cisco unity connection/8.5\(1\)su4
- version/cisco unity connection/8.5\(1\)su5
- version/cisco unity connection/8.5\(1\)su6
- version/cisco unity connection/8.5_base
- version/cisco unity connection/8.6\(1\)
- version/cisco unity connection/8.6\(1a\)
- version/cisco unity connection/8.6\(2\)
- version/cisco unity connection/8.6\(2a\)
- version/cisco unity connection/8.6\(2a\)su1
- version/cisco unity connection/8.6\(2a\)su2
- version/cisco unity connection/8.6\(2a\)su3
- version/cisco unity connection/8.6_base
- version/cisco unity connection/9.0\(1\)
- version/cisco unity connection/9.1\(1\)
- version/cisco unity connection/9.1\(2\)