The WebApplications Identity Management subsystem in Cisco Unified Communications Manager 10.5(0.98000.88) allows remote attackers to cause a denial of service (subsystem outage) via invalid session tokens, aka Bug ID CSCul83786.

References

• https://nvd.nist.gov/vuln/detail/CVE-2015-6425
• http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151215-ucmim
• http://www.securityfocus.com/bid/79275
• http://www.securitytracker.com/id/1034431