CVSS: 7.8EPSS: 0%CPEs: 32EXPL: 0CVE-2017-6779
https://notcve.org/view.php?id=CVE-2017-6779
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-9208
https://notcve.org/view.php?id=CVE-2016-9208
A vulnerability in the File Management Utility, the Download File form, and the Serviceability application of Cisco Emergency Responder could allow an authenticated, remote attacker to access files in arbitrary locations on the file system of an affected device. More Information: CSCva98951 CSCva98954 CSCvb57494. Known Affected Releases: 11.5(2.10000.5). Known Fixed Releases: 12.0(0.98000.14) 12.0(0.98000.16). Una vulnerabilidad en el File Management Utility, el formulario Download File y la aplicación Serviceability de Cisco Emergency Responder podría permitir a un atacante remoto autenticado acceder a archivos en localizaciones arbitrarias en el sistema de archivo del dispositivo afectado. • http://www.securityfocus.com/bid/94800 http://www.securitytracker.com/id/1037426 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer1 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6468
https://notcve.org/view.php?id=CVE-2016-6468
A vulnerability in the web-based management interface of Cisco Emergency Responder could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected device. More Information: CSCvb06663. Known Affected Releases: 11.5(1.10000.4). Known Fixed Releases: 12.0(0.98000.14). Una vulnerabilidad en la interfaz de administración basada en web de Cisco Emergency Responder puede permitir a un atacante remoto no autenticado llevar a cabo un ataque CSRF y realizar acciones arbitrarias en el dispositivo afectado. • http://www.securityfocus.com/bid/94786 http://www.securitytracker.com/id/1037428 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20161207-cer • CWE-352: Cross-Site Request Forgery (CSRF) •