var-201506-0314
Vulnerability from variot
The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976. Vendors have confirmed this vulnerability Bug ID CSCur39976 It is released as.Malformed after a third party answers the call RTP Service interruption due to packet transmission ( Device hang ) There is a possibility of being put into a state. The Cisco 9900 Series IP Phones are the 9900 Series IP Telephony products from Cisco. The product provides voice and video capabilities. An attacker can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCur39976
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201506-0314",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified ip phones 9900 series",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": "9.3\\(2\\)"
},
{
"model": "unified ip phone 9900 series",
"scope": "eq",
"trust": 0.8,
"vendor": "cisco",
"version": "9.3(2)"
},
{
"model": "unified ip phone 9951",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified ip phone 9971",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "phones with",
"scope": "eq",
"trust": 0.6,
"vendor": "cisco",
"version": "99009.3(2)"
},
{
"model": "unified ip phones series",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "99009.3.2"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"db": "BID",
"id": "75471"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-634"
},
{
"db": "NVD",
"id": "CVE-2015-4226"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:cisco:unified_ip_phones_9900_series_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:unified_ip_phone_9951",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/h:cisco:unified_ip_phone_9971",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco",
"sources": [
{
"db": "BID",
"id": "75471"
}
],
"trust": 0.3
},
"cve": "CVE-2015-4226",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-4226",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CNVD-2015-04201",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-82187",
"impactScore": 6.9,
"integrityImpact": "NONE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-4226",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2015-4226",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2015-04201",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201506-634",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-82187",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"db": "VULHUB",
"id": "VHN-82187"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-634"
},
{
"db": "NVD",
"id": "CVE-2015-4226"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976. Vendors have confirmed this vulnerability Bug ID CSCur39976 It is released as.Malformed after a third party answers the call RTP Service interruption due to packet transmission ( Device hang ) There is a possibility of being put into a state. The Cisco 9900 Series IP Phones are the 9900 Series IP Telephony products from Cisco. The product provides voice and video capabilities. \nAn attacker can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. \nThis issue is tracked by Cisco Bug ID CSCur39976",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-4226"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"db": "BID",
"id": "75471"
},
{
"db": "VULHUB",
"id": "VHN-82187"
}
],
"trust": 2.52
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-4226",
"trust": 3.4
},
{
"db": "BID",
"id": "75471",
"trust": 1.4
},
{
"db": "SECTRACK",
"id": "1032748",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201506-634",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2015-04201",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-82187",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"db": "VULHUB",
"id": "VHN-82187"
},
{
"db": "BID",
"id": "75471"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-634"
},
{
"db": "NVD",
"id": "CVE-2015-4226"
}
]
},
"id": "VAR-201506-0314",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"db": "VULHUB",
"id": "VHN-82187"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04201"
}
]
},
"last_update_date": "2024-11-23T21:54:57.487000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "39554",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
},
{
"title": "Patch for Cisco 9900 Series IP Phones Denial of Service Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/60292"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-399",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-82187"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"db": "NVD",
"id": "CVE-2015-4226"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39554"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/75471"
},
{
"trust": 1.1,
"url": "http://www.securitytracker.com/id/1032748"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4226"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4226"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/en/us/products/ps10453/index.html"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"db": "VULHUB",
"id": "VHN-82187"
},
{
"db": "BID",
"id": "75471"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-634"
},
{
"db": "NVD",
"id": "CVE-2015-4226"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"db": "VULHUB",
"id": "VHN-82187"
},
{
"db": "BID",
"id": "75471"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"db": "CNNVD",
"id": "CNNVD-201506-634"
},
{
"db": "NVD",
"id": "CVE-2015-4226"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"date": "2015-06-30T00:00:00",
"db": "VULHUB",
"id": "VHN-82187"
},
{
"date": "2015-06-29T00:00:00",
"db": "BID",
"id": "75471"
},
{
"date": "2015-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"date": "2015-06-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-634"
},
{
"date": "2015-06-30T15:59:17.700000",
"db": "NVD",
"id": "CVE-2015-4226"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-07-03T00:00:00",
"db": "CNVD",
"id": "CNVD-2015-04201"
},
{
"date": "2017-01-04T00:00:00",
"db": "VULHUB",
"id": "VHN-82187"
},
{
"date": "2015-06-29T00:00:00",
"db": "BID",
"id": "75471"
},
{
"date": "2015-07-02T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-003344"
},
{
"date": "2015-07-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201506-634"
},
{
"date": "2024-11-21T02:30:40.300000",
"db": "NVD",
"id": "CVE-2015-4226"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-634"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Cisco Unified IP Phone 9900 Service operation interruption in the packet storage function of series firmware (DoS) Vulnerabilities",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-003344"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "resource management error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201506-634"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…