CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6779
https://notcve.org/view.php?id=CVE-2017-6779
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 10.0EPSS: 3%CPEs: 12EXPL: 0CVE-2017-12337
https://notcve.org/view.php?id=CVE-2017-12337
A vulnerability in the upgrade mechanism of Cisco collaboration products based on the Cisco Voice Operating System software platform could allow an unauthenticated, remote attacker to gain unauthorized, elevated access to an affected device. The vulnerability occurs when a refresh upgrade (RU) or Prime Collaboration Deployment (PCD) migration is performed on an affected device. When a refresh upgrade or PCD migration is completed successfully, an engineering flag remains enabled and could allow root access to the device with a known password. If the vulnerable device is subsequently upgraded using the standard upgrade method to an Engineering Special Release, service update, or a new major release of the affected product, this vulnerability is remediated by that action. Note: Engineering Special Releases that are installed as COP files, as opposed to the standard upgrade method, do not remediate this vulnerability. • http://www.securityfocus.com/bid/101865 http://www.securitytracker.com/id/1039813 http://www.securitytracker.com/id/1039814 http://www.securitytracker.com/id/1039815 http://www.securitytracker.com/id/1039816 http://www.securitytracker.com/id/1039817 http://www.securitytracker.com/id/1039818 http://www.securitytracker.com/id/1039819 http://www.securitytracker.com/id/1039820 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20171115-vos • CWE-287: Improper Authentication •
CVSS: 9.0EPSS: 0%CPEs: 5EXPL: 0CVE-2007-5539
https://notcve.org/view.php?id=CVE-2007-5539
Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686. Una vulnerabilidad no especificada en Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH) y System Unified Contact Center Enterprise (SUCCE) versión 7.1 (5), permite a usuarios autenticados remotos alcanzar privilegios y leer reportes o cambiar la configuración de SUCCE, por medio de ciertas interfaces web, también se conoce como CSCsj55686. • http://osvdb.org/37938 http://secunia.com/advisories/27214 http://www.cisco.com/en/US/products/products_security_advisory09186a00808dda12.shtml http://www.securityfocus.com/bid/26106 http://www.securitytracker.com/id?1018829 http://www.vupen.com/english/advisories/2007/3533 https://exchange.xforce.ibmcloud.com/vulnerabilities/37248 •
CVSS: 5.0EPSS: 2%CPEs: 8EXPL: 0CVE-2007-0198
https://notcve.org/view.php?id=CVE-2007-0198
The JTapi Gateway process in Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, and Cisco IP Contact Center Hosted 5.0 through 7.1 allows remote attackers to cause a denial of service (repeated process restart) via a certain TCP session on the JTapi server port. El proceso JTapi Gateway en Cisco Unified Contact Center Enterprise, Unified Contact Center Hosted, IP Contact Center Enterprise, y Cisco IP Contact Center Hosted 5.0 hasta 7.1 permite a atacantes remotos provocar una denegación de servicio (repetición de reinicio de proceso) mediante sesiones concretas TCP en el puerto de servidor JTapi. • http://osvdb.org/32682 http://secunia.com/advisories/23710 http://securitytracker.com/id?1017499 http://www.cisco.com/warp/public/707/cisco-sa-20070110-jtapi.shtml http://www.securityfocus.com/bid/21988 http://www.vupen.com/english/advisories/2007/0138 •