cvelistv5 - cve-2015-4226

CVE-2015-4226 (GCVE-0-2015-4226)

Vulnerability from cvelistv5 – Published: 2015-06-30 15:00 – Updated: 2024-08-06 06:11

Summary

Severity ?

No CVSS data available.

CWE

Assigner

cisco

References

URL

Tags

	http://tools.cisco.com/security/center/viewAlert.…	vendor-advisoryx_refsource_CISCO
	http://www.securitytracker.com/id/1032748	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/75471	vdb-entryx_refsource_BID

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T06:11:11.773Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20150629 Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
          },
          {
            "name": "1032748",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032748"
          },
          {
            "name": "75471",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75471"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-29T18:57:01",
        "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
        "shortName": "cisco"
      },
      "references": [
        {
          "name": "20150629 Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
        },
        {
          "name": "1032748",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032748"
        },
        {
          "name": "75471",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75471"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4226",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150629 Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability",
              "refsource": "CISCO",
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
            },
            {
              "name": "1032748",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032748"
            },
            {
              "name": "75471",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75471"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633",
    "assignerShortName": "cisco",
    "cveId": "CVE-2015-4226",
    "datePublished": "2015-06-30T15:00:00",
    "dateReserved": "2015-06-04T00:00:00",
    "dateUpdated": "2024-08-06T06:11:11.773Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:9.3\\\\(2\\\\):*:*:*:*:*:*:*\", \"matchCriteriaId\": \"58F539DF-9306-4D65-959A-AB392CA568A1\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.\"}, {\"lang\": \"es\", \"value\": \"La caracter\\u00edstica del almacenamiento de paquetes en los tel\\u00e9fonos Cisco 9900 con firmware 9.3(2) no soporta correctamente el protocolo RTP, lo que permite a atacantes remotos causar una denegaci\\u00f3n de servicio (cuelgue de dispositivo) mediante el env\\u00edo de paquetes RTP malformados despu\\u00e9s de que se conteste una llamada, tambi\\u00e9n conocida como Bug ID CSCur39976.\"}]",
      "id": "CVE-2015-4226",
      "lastModified": "2024-11-21T02:30:40.300",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.1, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2015-06-30T15:59:17.700",
      "references": "[{\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=39554\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/75471\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032748\", \"source\": \"ykramarz@cisco.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://tools.cisco.com/security/center/viewAlert.x?alertId=39554\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/75471\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1032748\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}]",
      "sourceIdentifier": "ykramarz@cisco.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-399\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-4226\",\"sourceIdentifier\":\"psirt@cisco.com\",\"published\":\"2015-06-30T15:59:17.700\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.\"},{\"lang\":\"es\",\"value\":\"La caracter\u00edstica del almacenamiento de paquetes en los tel\u00e9fonos Cisco 9900 con firmware 9.3(2) no soporta correctamente el protocolo RTP, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de dispositivo) mediante el env\u00edo de paquetes RTP malformados despu\u00e9s de que se conteste una llamada, tambi\u00e9n conocida como Bug ID CSCur39976.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":7.1,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-399\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:9.3\\\\(2\\\\):*:*:*:*:*:*:*\",\"matchCriteriaId\":\"58F539DF-9306-4D65-959A-AB392CA568A1\"}]}]}],\"references\":[{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=39554\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75471\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032748\",\"source\":\"psirt@cisco.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://tools.cisco.com/security/center/viewAlert.x?alertId=39554\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/75471\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1032748\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}"
  }
}

VAR-201506-0314

Vulnerability from variot - Updated: 2023-12-18 13:44

The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976. Vendors have confirmed this vulnerability Bug ID CSCur39976 It is released as.Malformed after a third party answers the call RTP Service interruption due to packet transmission ( Device hang ) There is a possibility of being put into a state. The Cisco 9900 Series IP Phones are the 9900 Series IP Telephony products from Cisco. The product provides voice and video capabilities. An attacker can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. This issue is tracked by Cisco Bug ID CSCur39976

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201506-0314",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "unified ip phones 9900 series",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "cisco",
        "version": "9.3\\(2\\)"
      },
      {
        "model": "unified ip phone 9900 series",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cisco",
        "version": "9.3(2)"
      },
      {
        "model": "unified ip phone 9951",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "unified ip phone 9971",
        "scope": null,
        "trust": 0.8,
        "vendor": "cisco",
        "version": null
      },
      {
        "model": "phones with",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "cisco",
        "version": "99009.3(2)"
      },
      {
        "model": "unified ip phones series",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "cisco",
        "version": "99009.3.2"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "db": "BID",
        "id": "75471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4226"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco",
    "sources": [
      {
        "db": "BID",
        "id": "75471"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2015-4226",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.1,
            "confidentialityImpact": "None",
            "exploitabilityScore": null,
            "id": "CVE-2015-4226",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2015-04201",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "VHN-82187",
            "impactScore": 6.9,
            "integrityImpact": "NONE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:N/I:N/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2015-4226",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2015-04201",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201506-634",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-82187",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82187"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976. Vendors have confirmed this vulnerability Bug ID CSCur39976 It is released as.Malformed after a third party answers the call RTP Service interruption due to packet transmission ( Device hang ) There is a possibility of being put into a state. The Cisco 9900 Series IP Phones are the 9900 Series IP Telephony products from Cisco. The product provides voice and video capabilities. \nAn attacker can exploit this issue to cause an affected device to become unresponsive, resulting in a denial-of-service condition. \nThis issue is tracked by Cisco Bug ID CSCur39976",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2015-4226"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "db": "BID",
        "id": "75471"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82187"
      }
    ],
    "trust": 2.52
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2015-4226",
        "trust": 3.4
      },
      {
        "db": "BID",
        "id": "75471",
        "trust": 1.4
      },
      {
        "db": "SECTRACK",
        "id": "1032748",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-634",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-82187",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82187"
      },
      {
        "db": "BID",
        "id": "75471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ]
  },
  "id": "VAR-201506-0314",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82187"
      }
    ],
    "trust": 1.7
  },
  "iot_taxonomy": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      }
    ]
  },
  "last_update_date": "2023-12-18T13:44:19.912000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "39554",
        "trust": 0.8,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39554"
      },
      {
        "title": "Patch for Cisco 9900 Series IP Phones Denial of Service Vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchinfo/show/60292"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-399",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-82187"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4226"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.6,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=39554"
      },
      {
        "trust": 1.1,
        "url": "http://www.securityfocus.com/bid/75471"
      },
      {
        "trust": 1.1,
        "url": "http://www.securitytracker.com/id/1032748"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-4226"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-4226"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/"
      },
      {
        "trust": 0.3,
        "url": "http://www.cisco.com/en/us/products/ps10453/index.html"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82187"
      },
      {
        "db": "BID",
        "id": "75471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "db": "VULHUB",
        "id": "VHN-82187"
      },
      {
        "db": "BID",
        "id": "75471"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "db": "NVD",
        "id": "CVE-2015-4226"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "date": "2015-06-30T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82187"
      },
      {
        "date": "2015-06-29T00:00:00",
        "db": "BID",
        "id": "75471"
      },
      {
        "date": "2015-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "date": "2015-06-30T15:59:17.700000",
        "db": "NVD",
        "id": "CVE-2015-4226"
      },
      {
        "date": "2015-06-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2015-04201"
      },
      {
        "date": "2017-01-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-82187"
      },
      {
        "date": "2015-06-29T00:00:00",
        "db": "BID",
        "id": "75471"
      },
      {
        "date": "2015-07-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      },
      {
        "date": "2017-01-04T17:55:23.077000",
        "db": "NVD",
        "id": "CVE-2015-4226"
      },
      {
        "date": "2015-07-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Cisco Unified IP Phone 9900 Service operation interruption in the packet storage function of series firmware  (DoS) Vulnerabilities",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-003344"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "resource management error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201506-634"
      }
    ],
    "trust": 0.6
  }
}

GSD-2015-4226

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-4226

Aliases

CVE-2015-4226

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-4226",
    "description": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.",
    "id": "GSD-2015-4226"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-4226"
      ],
      "details": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.",
      "id": "GSD-2015-4226",
      "modified": "2023-12-13T01:19:59.252489Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "ID": "CVE-2015-4226",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20150629 Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability",
            "refsource": "CISCO",
            "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
          },
          {
            "name": "1032748",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032748"
          },
          {
            "name": "75471",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75471"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2015-4226"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20150629 Cisco Unified IP Phones 9900 Series Denial of Service Vulnerability",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
            },
            {
              "name": "75471",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/75471"
            },
            {
              "name": "1032748",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032748"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        }
      },
      "lastModifiedDate": "2017-01-04T17:55Z",
      "publishedDate": "2015-06-30T15:59Z"
    }
  }
}

FKIE_CVE-2015-4226

Vulnerability from fkie_nvd - Published: 2015-06-30 15:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
psirt@cisco.com	http://tools.cisco.com/security/center/viewAlert.x?alertId=39554	Vendor Advisory
psirt@cisco.com	http://www.securityfocus.com/bid/75471	Third Party Advisory, VDB Entry
psirt@cisco.com	http://www.securitytracker.com/id/1032748	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/viewAlert.x?alertId=39554	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75471	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032748	Third Party Advisory, VDB Entry

Impacted products

	Vendor	Product	Version
	cisco	unified_ip_phones_9900_series_firmware	9.3\(2\)

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:unified_ip_phones_9900_series_firmware:9.3\\(2\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "58F539DF-9306-4D65-959A-AB392CA568A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976."
    },
    {
      "lang": "es",
      "value": "La caracter\u00edstica del almacenamiento de paquetes en los tel\u00e9fonos Cisco 9900 con firmware 9.3(2) no soporta correctamente el protocolo RTP, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (cuelgue de dispositivo) mediante el env\u00edo de paquetes RTP malformados despu\u00e9s de que se conteste una llamada, tambi\u00e9n conocida como Bug ID CSCur39976."
    }
  ],
  "id": "CVE-2015-4226",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-06-30T15:59:17.700",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75471"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032748"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032748"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-04201

Vulnerability from cnvd - Published: 2015-07-03

Title

Cisco 9900 Series IP Phones拒绝服务漏洞

Description

Cisco 9900 Series IP Phones是美国思科（Cisco）公司的9900系列IP电话产品。该产品提供了语音、视频功能。 Cisco 9900 Series IP Phones存在拒绝服务漏洞，该漏洞源于程序未能正确支持RTP协议。远程攻击者可通过在呼叫应答后发送畸形的RTP数据包利用该漏洞造成拒绝服务（设备挂起）。

Severity

中

Patch Name

Cisco 9900 Series IP Phones拒绝服务漏洞的补丁

Patch Description

Cisco 9900 Series IP Phones是美国思科（Cisco）公司的9900系列IP电话产品。该产品提供了语音、视频功能。Cisco 9900 Series IP Phones存在拒绝服务漏洞，该漏洞源于程序未能正确支持RTP协议。远程攻击者可通过在呼叫应答后发送畸形的RTP数据包利用该漏洞造成拒绝服务（设备挂起）。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://tools.cisco.com/bugsearch/bug/CSCur39976

Reference

http://tools.cisco.com/security/center/viewAlert.x?alertId=39554

Impacted products

Name
Cisco 9900 phones with firmware 9.3(2)

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-4226"
    }
  },
  "description": "Cisco 9900 Series IP Phones\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u76849900\u7cfb\u5217IP\u7535\u8bdd\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u63d0\u4f9b\u4e86\u8bed\u97f3\u3001\u89c6\u9891\u529f\u80fd\u3002\r\n\r\nCisco 9900 Series IP Phones\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u652f\u6301RTP\u534f\u8bae\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728\u547c\u53eb\u5e94\u7b54\u540e\u53d1\u9001\u7578\u5f62\u7684RTP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8bbe\u5907\u6302\u8d77\uff09\u3002",
  "discovererName": "Cisco",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/bugsearch/bug/CSCur39976",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-04201",
  "openTime": "2015-07-03",
  "patchDescription": "Cisco 9900 Series IP Phones\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u76849900\u7cfb\u5217IP\u7535\u8bdd\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u63d0\u4f9b\u4e86\u8bed\u97f3\u3001\u89c6\u9891\u529f\u80fd\u3002Cisco 9900 Series IP Phones\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u652f\u6301RTP\u534f\u8bae\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5728\u547c\u53eb\u5e94\u7b54\u540e\u53d1\u9001\u7578\u5f62\u7684RTP\u6570\u636e\u5305\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8bbe\u5907\u6302\u8d77\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Cisco 9900 Series IP Phones\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Cisco 9900 phones with firmware 9.3(2)"
  },
  "referenceLink": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554",
  "serverity": "\u4e2d",
  "submitTime": "2015-07-02",
  "title": "Cisco 9900 Series IP Phones\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GHSA-29V6-J9P2-6QXC

Vulnerability from github – Published: 2022-05-17 03:08 – Updated: 2022-05-17 03:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-4226"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-30T15:59:00Z",
    "severity": "HIGH"
  },
  "details": "The packet-storing feature on Cisco 9900 phones with firmware 9.3(2) does not properly support the RTP protocol, which allows remote attackers to cause a denial of service (device hang) by sending malformed RTP packets after a call is answered, aka Bug ID CSCur39976.",
  "id": "GHSA-29v6-j9p2-6qxc",
  "modified": "2022-05-17T03:08:43Z",
  "published": "2022-05-17T03:08:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-4226"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=39554"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75471"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032748"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-4226 (GCVE-0-2015-4226)

VAR-201506-0314

GSD-2015-4226

FKIE_CVE-2015-4226

CNVD-2015-04201

GHSA-29V6-J9P2-6QXC

Tags

Sightings

Nomenclature