Sign-up

ID

VAR-201506-0314


CVE

CVE-2015-4226


TITLE

Cisco Unified IP Phone 9900 Service operation interruption in the packet storage function of series firmware (DoS) Vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2015-003344

DESCRIPTION

The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976. Vendors have confirmed this vulnerability Bug ID CSCur39976 It is released as.Malformed after a third party answers the call RTP Service interruption due to packet transmission ( Device hang ) There is a possibility of being put into a state. The Cisco 9900 Series IP Phones are the 9900 Series IP Telephony products from Cisco. The product provides voice and video capabilities. An attacker can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCur39976

Trust: 2.52

sources: NVD: CVE-2015-4226 // JVNDB: JVNDB-2015-003344 // CNVD: CNVD-2015-04201 // BID: 75471 // VULHUB: VHN-82187

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2015-04201

AFFECTED PRODUCTS

vendor:ciscomodel:unified ip phones 9900 seriesscope:eqversion:9.3\(2\)

Trust: 1.6

vendor:ciscomodel:unified ip phone 9900 seriesscope:eqversion:9.3(2)

Trust: 0.8

vendor:ciscomodel:unified ip phone 9951scope: - version: -

Trust: 0.8

vendor:ciscomodel:unified ip phone 9971scope: - version: -

Trust: 0.8

vendor:ciscomodel:phones withscope:eqversion:99009.3(2)

Trust: 0.6

vendor:ciscomodel:unified ip phones seriesscope:eqversion:99009.3.2

Trust: 0.3

sources: CNVD: CNVD-2015-04201 // BID: 75471 // JVNDB: JVNDB-2015-003344 // CNNVD: CNNVD-201506-634 // NVD: CVE-2015-4226

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-4226
value: HIGH

Trust: 1.0

NVD: CVE-2015-4226
value: HIGH

Trust: 0.8

CNVD: CNVD-2015-04201
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201506-634
value: HIGH

Trust: 0.6

VULHUB: VHN-82187
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-4226
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2015-04201
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-82187
severity: HIGH
baseScore: 7.1
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: CNVD: CNVD-2015-04201 // VULHUB: VHN-82187 // JVNDB: JVNDB-2015-003344 // CNNVD: CNNVD-201506-634 // NVD: CVE-2015-4226

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-82187 // JVNDB: JVNDB-2015-003344 // NVD: CVE-2015-4226

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201506-634

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201506-634

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-003344

PATCH
title:39554url:http://tools.cisco.com/security/center/viewAlert.x?alertId=39554
Trust: 0.8
title:Patch for Cisco 9900 Series IP Phones Denial of Service Vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/60292
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2015-04201 // 
            
            
            
            JVNDB: JVNDB-2015-003344

EXTERNAL IDS
db:NVDid:CVE-2015-4226
Trust: 3.4
db:BIDid:75471
Trust: 1.4
db:SECTRACKid:1032748
Trust: 1.1
db:JVNDBid:JVNDB-2015-003344
Trust: 0.8
db:CNNVDid:CNNVD-201506-634
Trust: 0.7
db:CNVDid:CNVD-2015-04201
Trust: 0.6
db:VULHUBid:VHN-82187
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2015-04201 // 
            
            
            
            VULHUB: VHN-82187 // 
            
            
            
            BID: 75471 // 
            
            
            
            JVNDB: JVNDB-2015-003344 // 
            
            
            
            CNNVD: CNNVD-201506-634 // 
            
            
            
            NVD: CVE-2015-4226

REFERENCES
url:http://tools.cisco.com/security/center/viewalert.x?alertid=39554
Trust: 2.6
url:http://www.securityfocus.com/bid/75471
Trust: 1.1
url:http://www.securitytracker.com/id/1032748
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4226
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4226
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
url:http://www.cisco.com/en/us/products/ps10453/index.html
Trust: 0.3
sources:
            
            
            CNVD: CNVD-2015-04201 // 
            
            
            
            VULHUB: VHN-82187 // 
            
            
            
            BID: 75471 // 
            
            
            
            JVNDB: JVNDB-2015-003344 // 
            
            
            
            CNNVD: CNNVD-201506-634 // 
            
            
            
            NVD: CVE-2015-4226

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 75471

SOURCES
db:CNVDid:CNVD-2015-04201
db:VULHUBid:VHN-82187
db:BIDid:75471
db:JVNDBid:JVNDB-2015-003344
db:CNNVDid:CNNVD-201506-634
db:NVDid:CVE-2015-4226

LAST UPDATE DATE
2025-04-12T23:29:31.960000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2015-04201date:2015-07-03T00:00:00
db:VULHUBid:VHN-82187date:2017-01-04T00:00:00
db:BIDid:75471date:2015-06-29T00:00:00
db:JVNDBid:JVNDB-2015-003344date:2015-07-02T00:00:00
db:CNNVDid:CNNVD-201506-634date:2015-07-03T00:00:00
db:NVDid:CVE-2015-4226date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2015-04201date:2015-07-03T00:00:00
db:VULHUBid:VHN-82187date:2015-06-30T00:00:00
db:BIDid:75471date:2015-06-29T00:00:00
db:JVNDBid:JVNDB-2015-003344date:2015-07-02T00:00:00
db:CNNVDid:CNNVD-201506-634date:2015-06-30T00:00:00
db:NVDid:CVE-2015-4226date:2015-06-30T15:59:17.700