Cisco Unity Connection Bulk Administration Tool Connection Request サービス拒否

フィールド2018年10月06日 11:112020年03月30日 16:31
typeUnified Communication SoftwareUnified Communication Software
vendorCiscoCisco
nameUnity ConnectionUnity Connection
componentBulk Administration ToolBulk Administration Tool
input_typeConnection RequestConnection Request
cwe399 (サービス拒否)399 (サービス拒否)
risk11
cvss2_vuldb_basescore3.53.5
cvss2_vuldb_tempscore3.03.0
cvss2_vuldb_avNN
cvss2_vuldb_acMM
cvss2_vuldb_auSS
cvss2_vuldb_ciNN
cvss2_vuldb_iiNN
cvss2_vuldb_aiPP
cvss2_nvd_avNN
cvss2_nvd_acLL
cvss2_nvd_auSS
cvss2_nvd_ciNN
cvss2_nvd_iiNN
cvss2_nvd_aiPP
cvss3_meta_basescore5.55.5
cvss3_meta_tempscore5.35.3
cvss3_vuldb_basescore4.34.3
cvss3_vuldb_tempscore4.14.1
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prLL
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cNN
cvss3_vuldb_iNN
cvss3_vuldb_aLL
cvss3_nvd_avNN
cvss3_nvd_acLL
cvss3_nvd_prHH
cvss3_nvd_uiNN
cvss3_nvd_sCC
cvss3_nvd_cNN
cvss3_nvd_iNN
cvss3_nvd_aHH
date1538690400 (2018年10月05日)1538690400 (2018年10月05日)
locationWebsiteWebsite
typeAdvisoryAdvisory
urlhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-unity-doshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-unity-dos
identifiercisco-sa-20181003-unity-doscisco-sa-20181003-unity-dos
price_0day$0-$5k$0-$5k
nameUpgradeUpgrade
cveCVE-2018-15396CVE-2018-15396
cve_assigned1534456800 (2018年08月17日)1534456800 (2018年08月17日)
cve_nvd_published15386976001538697600
cve_nvd_summaryA vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.A vulnerability in the Bulk Administration Tool (BAT) for Cisco Unity Connection could allow an authenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability exists because the affected software does not restrict the maximum size of certain files that can be written to disk. An attacker who has valid administrator credentials for an affected system could exploit this vulnerability by sending a crafted, remote connection request to an affected system. A successful exploit could allow the attacker to write a file that consumes most of the available disk space on the system, causing application functions to operate abnormally and leading to a DoS condition.
cvss2_vuldb_eNDND
cvss2_vuldb_rlOFOF
cvss2_vuldb_rcCC
cvss3_vuldb_eXX
cvss3_vuldb_rlOO
cvss3_vuldb_rcCC
0day_days22
cvss3_nvd_basescore6.86.8
discoverydate1538524800

Do you need the next level of professionalism?

Upgrade your account now!