Cisco has addressed several denial-of-service (DoS) vulnerabilities in Cisco Unity Connection, the company’s unified messaging platform.
The security holes affect Cisco Unity Connection version 10.0 and prior, but only if the product is configured with Session Initiation Protocol (SIP) trunk integration. Skinny Call Control Protocol (SCCP) integrations are not impacted.
One of the flaws patched by Cisco exists in the Connection Conversation Manager (CuCsMgr) process due to the incorrect processing of certain UDP packets (CVE-2015-0612). A remote attacker can exploit the bug to cause the SIP network port UDP 5060 to close by sending a specially crafted UDP packet to the targeted device. Once the port is closed, Unity Connection can no longer process any calls, Cisco said in its advisory.
Two other CuCsMgr vulnerabilities can be leveraged to trigger a core dump of the process and cause a DoS condition by sending a specially crafted SIP INVITE messages to the Cisco Unity Connection server (CVE-2015-0613, CVE-2015-0614). The flaws are caused by the incorrect processing of crafted SIP INVITE messages and they can be exploited with UDP, TCP, or TLS connections. These security holes are similar, but they are not the same because a different part of the SIP INVITE message is processed incorrectly, Cisco noted.
A similar vulnerability (CVE-2015-0616) is caused by the incorrect handling of abnormally terminated SIP conversations. An attacker can cause a core dump and a DoS condition by causing the incorrect termination of TCP SIP conversations.
Finally, Cisco has resolved a flaw that can be exploited by a remote attacker to cause all SIP ports to become busy (CVE-2015-0615). All SIP connection lines can be blocked because in some scenarios allocated resources are not released properly. Once a DoS condition is triggered, the only way to restore service is by restarting the conversation manager.
All of these vulnerabilities can be exploited both over IPv4 or IPv6 communications.
Cisco has released updates for each of the affected versions of the software. Cisco Unity Connection 10.5 and certain 10.0 releases are not affected.
The company says it’s not aware of instances where these vulnerabilities have been used for malicious purposes, but some network scanners are known to exploit CVE-2015-0612.
In addition to the vulnerabilities affecting Cisco Unity Connection, the company patched a security bug in Cisco Prime Data Center Network Manager (DCNM). The product is plagued by a file information disclosure vulnerability that can be exploited by a remote, unauthenticated attacker to retrieve arbitrary files from the underlying operating system.
