Sign-up

ID

VAR-201512-0396


CVE

CVE-2015-6422


TITLE

Cisco Unified Communications Domain Manager Denial of Service in Self-Service Applications in Japan (DoS) Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2015-006397

DESCRIPTION

The self-service application in Cisco Unified Communications Domain Manager (CUCDM) 10.6(1) allows remote authenticated users to cause a denial of service (subapplication outage) via malformed requests, aka Bug ID CSCuu10981. An attacker can exploit this issue to cause a denial-of-service condition, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCuu10981. This component features scalable, distributed, and highly available enterprise Voice over IP call processing. There are security vulnerabilities in the self-service application of CUCDM version 10.6(1)

Trust: 1.98

sources: NVD: CVE-2015-6422 // JVNDB: JVNDB-2015-006397 // BID: 79032 // VULHUB: VHN-84383

AFFECTED PRODUCTS

vendor:ciscomodel:unified communications domain managerscope:eqversion:10.6.1

Trust: 1.6

vendor:ciscomodel:unified communications domain managerscope:eqversion:10.6(1)

Trust: 1.1

sources: BID: 79032 // JVNDB: JVNDB-2015-006397 // CNNVD: CNNVD-201512-406 // NVD: CVE-2015-6422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-6422
value: MEDIUM

Trust: 1.0

NVD: CVE-2015-6422
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201512-406
value: MEDIUM

Trust: 0.6

VULHUB: VHN-84383
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-6422
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-84383
severity: MEDIUM
baseScore: 4.0
vectorString: AV:N/AC:L/AU:S/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-84383 // JVNDB: JVNDB-2015-006397 // CNNVD: CNNVD-201512-406 // NVD: CVE-2015-6422

PROBLEMTYPE DATA

problemtype:CWE-399

Trust: 1.9

sources: VULHUB: VHN-84383 // JVNDB: JVNDB-2015-006397 // NVD: CVE-2015-6422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201512-406

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-201512-406

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-006397

PATCH
title:cisco-sa-20151211-ucdmurl:http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151211-ucdm
Trust: 0.8
title:Cisco Unified Communications Domain Manager Remediation measures for denial of service vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=59219
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2015-006397 // 
            
            
            
            CNNVD: CNNVD-201512-406

EXTERNAL IDS
db:NVDid:CVE-2015-6422
Trust: 2.8
db:BIDid:79032
Trust: 1.4
db:SECTRACKid:1034407
Trust: 1.1
db:JVNDBid:JVNDB-2015-006397
Trust: 0.8
db:CNNVDid:CNNVD-201512-406
Trust: 0.7
db:VULHUBid:VHN-84383
Trust: 0.1
sources:
            
            
            VULHUB: VHN-84383 // 
            
            
            
            BID: 79032 // 
            
            
            
            JVNDB: JVNDB-2015-006397 // 
            
            
            
            CNNVD: CNNVD-201512-406 // 
            
            
            
            NVD: CVE-2015-6422

REFERENCES
url:http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151211-ucdm
Trust: 2.0
url:http://www.securityfocus.com/bid/79032
Trust: 1.1
url:http://www.securitytracker.com/id/1034407
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6422
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6422
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-84383 // 
            
            
            
            BID: 79032 // 
            
            
            
            JVNDB: JVNDB-2015-006397 // 
            
            
            
            CNNVD: CNNVD-201512-406 // 
            
            
            
            NVD: CVE-2015-6422

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 79032

SOURCES
db:VULHUBid:VHN-84383
db:BIDid:79032
db:JVNDBid:JVNDB-2015-006397
db:CNNVDid:CNNVD-201512-406
db:NVDid:CVE-2015-6422

LAST UPDATE DATE
2025-04-13T23:23:42.326000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-84383date:2016-12-07T00:00:00
db:BIDid:79032date:2015-12-11T00:00:00
db:JVNDBid:JVNDB-2015-006397date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-406date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6422date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-84383date:2015-12-14T00:00:00
db:BIDid:79032date:2015-12-11T00:00:00
db:JVNDBid:JVNDB-2015-006397date:2015-12-16T00:00:00
db:CNNVDid:CNNVD-201512-406date:2015-12-14T00:00:00
db:NVDid:CVE-2015-6422date:2015-12-14T03:59:06.060