CVE-2017-6779

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.

CVSS v3 7.5 HIGH
CVSS v2.0 7.8 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:emergency_responder::::::::
	cpe:2.3:a:cisco:emergency_responder::::::::
	cpe:2.3:a:cisco:emergency_responder::::::::
	cpe:2.3:a:cisco:emergency_responder:11.0\(1.10000.10\):::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:cisco:finesse::::::::
	cpe:2.3:a:cisco:finesse:9.5\(1\):::::::*

Configuration 3 (hide)

OR	cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment::::::::
	cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:9.5\(1\):::::::*

Configuration 4 (hide)

OR	cpe:2.3:a:cisco:mediasense::::::::
	cpe:2.3:a:cisco:mediasense:9.5\(1\):::::::*

Configuration 5 (hide)

OR	cpe:2.3:a:cisco:prime_collaboration_assurance::::::::
	cpe:2.3:a:cisco:prime_collaboration_assurance::::::::

Configuration 6 (hide)

cpe:2.3:a:cisco:prime_collaboration_provisioning:12.5:*:*:*:*:*:*:*

Configuration 7 (hide)

OR	cpe:2.3:a:cisco:prime_license_manager::::::::
	cpe:2.3:a:cisco:prime_license_manager::::::::

Configuration 8 (hide)

cpe:2.3:a:cisco:socialminer:*:*:*:*:*:*:*:*

Configuration 9 (hide)

OR	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager::::::::
	cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):::::::*
	cpe:2.3:a:cisco:unified_communications_manager:12.0:::::::*

Configuration 10 (hide)

OR	cpe:2.3:a:cisco:unified_contact_center_express::::::::
	cpe:2.3:a:cisco:unified_contact_center_express:9.0\(2\)su1.3:::::::*

Configuration 11 (hide)

OR	cpe:2.3:o:cisco:unified_intelligence_center::::::::
	cpe:2.3:o:cisco:unified_intelligence_center:9.5\(1\):::::::*

Configuration 12 (hide)

OR	cpe:2.3:a:cisco:unity_connection::::::::
	cpe:2.3:a:cisco:unity_connection::::::::
	cpe:2.3:a:cisco:unity_connection:9.5\(0.9\)tt0:::::::*
	cpe:2.3:a:cisco:unity_connection:12.0:::::::*

Configuration 13 (hide)

cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-06-07 12:29

Updated : 2023-12-10 12:30

NVD link : CVE-2017-6779

Mitre link : CVE-2017-6779

CVE.ORG link : CVE-2017-6779

JSON object : View

Products Affected

cisco

mediasense
prime_collaboration_assurance
prime_license_manager
prime_collaboration_provisioning
socialminer
unified_communications_manager
unified_contact_center_express
unity_connection
virtualized_voice_browser
finesse
emergency_responder
unified_intelligence_center
hosted_collaboration_mediation_fulfillment

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-399

Resource Management Errors

7.5 /10

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

7.8 /10

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2017-6779

7.5^/10

7.8^/10

Attach tags to `CVE-2017-6779`