CVE-2017-6779

 

  • Severity Score: 7.5 (CVSS v3)
  • Public Exploits: 0 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.

*Credits: N/A
CVSS Scores
CVSS v3
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: None
  • Integrity: None
  • Availability: High
CVSS v2
  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: None
  • Confidentiality: None
  • Integrity: None
  • Availability: Complete
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2017-03-09 CVE Reserved
  • 2018-06-07 CVE Published
  • 2024-04-16 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-399: Resource Management Errors
  • CWE-400: Uncontrolled Resource Consumption
CAPEC
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Cisco | Emergency Responder | >= 10.5 < 10.5\(1a\) | - | Affected |
| Cisco | Emergency Responder | >= 11.0 < 11.5\(4\) | - | Affected |
| Cisco | Emergency Responder | >= 12.0 < 12.0su1 | - | Affected |
| Cisco | Emergency Responder | 11.0\(1.10000.10\) | - | Affected |
| Cisco | Finesse | >= 11.5 < 11.5\(3\) | - | Affected |
| Cisco | Finesse | 9.5\(1\) | - | Affected |
| Cisco | Hosted Collaboration Mediation Fulfillment | >= 11.5 < 11.5\(3\) | - | Affected |
| Cisco | Hosted Collaboration Mediation Fulfillment | 9.5\(1\) | - | Affected |
| Cisco | Mediasense | >= 11.5 < 11.5su2 | - | Affected |
| Cisco | Mediasense | 9.5\(1\) | - | Affected |
| Cisco | Prime Collaboration Assurance | >= 11.6 < 11.6_es16 | - | Affected |
| Cisco | Prime Collaboration Assurance | >= 12.1 < 12.1_es2 | - | Affected |
| Cisco | Prime Collaboration Provisioning | 12.5 | - | Affected |
| Cisco | Prime License Manager | >= 10.5 < 10.5.2 | - | Affected |
| Cisco | Prime License Manager | >= 11.0 < 11.5\(1\)su5 | - | Affected |
| Cisco | Socialminer | >= 11.6 < 11.6.1 | - | Affected |
| Cisco | Unified Communications Manager | >= 10.0 < 10.5\(2\)su5 | - | Affected |
| Cisco | Unified Communications Manager | >= 11.0 < 11.0\(1a\)su4 | - | Affected |
| Cisco | Unified Communications Manager | >= 11.5 < 11.5\(1\)su3 | - | Affected |
| Cisco | Unified Communications Manager | 10.5\(2.10000.5\) | - | Affected |
| Cisco | Unified Communications Manager | 11.0\(1.10000.10\) | - | Affected |
| Cisco | Unified Communications Manager | 11.5\(1.10000.6\) | - | Affected |
| Cisco | Unified Communications Manager | 12.0 | - | Affected |
| Cisco | Unified Contact Center Express | >= 11.6 < 11.6\(1\) | - | Affected |
| Cisco | Unified Contact Center Express | 9.0\(2\)su1.3 | - | Affected |
| Cisco | Unified Intelligence Center | >= 11.6 < 11.6\(1\) | - | Affected |
| Cisco | Unified Intelligence Center | 9.5\(1\) | - | Affected |
| Cisco | Unity Connection | >= 10.5 < 10.5su5 | - | Affected |
| Cisco | Unity Connection | >= 11.0 < 11.5.1su3 | - | Affected |
| Cisco | Unity Connection | 9.5\(0.9\)tt0 | - | Affected |
| Cisco | Unity Connection | 12.0 | - | Affected |
| Cisco | Virtualized Voice Browser | >= 11.6 < 11.6\(1\) | - | Affected |