Summaryinfo

A vulnerability identified as problematic has been detected in Oracle Communications Diameter Signaling Router (DSR) up to 4.1.6/5.1.0/6.0.2/7.1.0. This affects an unknown part. This manipulation causes Remote Code Execution. The identification of this vulnerability is CVE-2015-2608. There is no exploit available. You should upgrade the affected component.

Detailsinfo

A vulnerability has been found in Oracle Communications Diameter Signaling Router (DSR) up to 4.1.6/5.1.0/6.0.2/7.1.0 (Cloud Software) and classified as critical. Affected by this vulnerability is some unknown functionality. The manipulation with an unknown input leads to a remote code execution vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was shared 10/20/2015 as Oracle Critical Patch Update Advisory - October 2015 as confirmed advisory (Website). It is possible to read the advisory at oracle.com. This vulnerability is known as CVE-2015-2608 since 03/20/2015. The exploitation appears to be easy. The attack can be launched remotely. The exploitation doesn't need any form of authentication. The technical details are unknown and an exploit is not publicly available.

Upgrading eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.

The entries VDB-78614, VDB-78643, VDB-78622 and VDB-78621 are related to this item. Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Productinfo

Type

• Cloud Software

Vendor

• Oracle

Name

• Communications Diameter Signaling Router (DSR)

Version

• 4.1.0
• 4.1.1
• 4.1.2
• 4.1.3
• 4.1.4
• 4.1.5
• 4.1.6
• 5.0
• 5.1.0
• 6.0.0
• 6.0.1
• 6.0.2
• 7.0
• 7.1.0

License

• commercial

Website

• Vendor: https://www.oracle.com

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion