CVE-2017-6779
 
Descriptions
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-03-09 CVE Reserved
- 2018-06-07 CVE Published
- 2024-04-16 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-399: Resource Management Errors
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos | 2019-10-09 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Cisco | Emergency Responder | >= 10.5 < 10.5(1a) | - | Affected |
Cisco | Emergency Responder | >= 11.0 < 11.5(4) | - | Affected |
Cisco | Emergency Responder | >= 12.0 < 12.0su1 | - | Affected |
Cisco | Emergency Responder | 11.0(1.10000.10) | - | Affected |
Cisco | Finesse | >= 11.5 < 11.5(3) | - | Affected |
Cisco | Finesse | 9.5(1) | - | Affected |
Cisco | Hosted Collaboration Mediation Fulfillment | >= 11.5 < 11.5(3) | - | Affected |
Cisco | Hosted Collaboration Mediation Fulfillment | 9.5(1) | - | Affected |
Cisco | Mediasense | >= 11.5 < 11.5su2 | - | Affected |
Cisco | Mediasense | 9.5(1) | - | Affected |
Cisco | Prime Collaboration Assurance | >= 11.6 < 11.6_es16 | - | Affected |
Cisco | Prime Collaboration Assurance | >= 12.1 < 12.1_es2 | - | Affected |
Cisco | Prime Collaboration Provisioning | 12.5 | - | Affected |
Cisco | Prime License Manager | >= 10.5 < 10.5.2 | - | Affected |
Cisco | Prime License Manager | >= 11.0 < 11.5(1)su5 | - | Affected |
Cisco | Socialminer | >= 11.6 < 11.6.1 | - | Affected |
Cisco | Unified Communications Manager | >= 10.0 < 10.5(2)su5 | - | Affected |
Cisco | Unified Communications Manager | >= 11.0 < 11.0(1a)su4 | - | Affected |
Cisco | Unified Communications Manager | >= 11.5 < 11.5(1)su3 | - | Affected |
Cisco | Unified Communications Manager | 10.5(2.10000.5) | - | Affected |
Cisco | Unified Communications Manager | 11.0(1.10000.10) | - | Affected |
Cisco | Unified Communications Manager | 11.5(1.10000.6) | - | Affected |
Cisco | Unified Communications Manager | 12.0 | - | Affected |
Cisco | Unified Contact Center Express | >= 11.6 < 11.6(1) | - | Affected |
Cisco | Unified Contact Center Express | 9.0(2)su1.3 | - | Affected |
Cisco | Unified Intelligence Center | >= 11.6 < 11.6(1) | - | Affected |
Cisco | Unified Intelligence Center | 9.5(1) | - | Affected |
Cisco | Unity Connection | >= 10.5 < 10.5su5 | - | Affected |
Cisco | Unity Connection | >= 11.0 < 11.5.1su3 | - | Affected |
Cisco | Unity Connection | 9.5(0.9)tt0 | - | Affected |
Cisco | Unity Connection | 12.0 | - | Affected |
Cisco | Virtualized Voice Browser | >= 11.6 < 11.6(1) | - | Affected |