{"containers": {"cna": {"affected": [{"product": "Multiple Cisco Products unknown", "vendor": "n/a", "versions": [{"status": "affected", "version": "Multiple Cisco Products unknown"}]}], "datePublic": "2018-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-399", "description": "CWE-399", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-07T11:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2017-6779", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Multiple Cisco Products unknown", "version": {"version_data": [{"version_value": "Multiple Cisco Products unknown"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-399"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2017-6779", "datePublished": "2018-06-07T12:00:00", "dateReserved": "2017-03-09T00:00:00", "dateUpdated": "2018-06-07T11:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*", "matchCriteriaId": "57F71C50-5AEA-4C57-B40D-BD175CE99F61", "versionEndExcluding": "10.5\\(1a\\)", "versionStartIncluding": "10.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*", "matchCriteriaId": "EADE21CC-8C70-4270-9431-30C4213A8115", "versionEndExcluding": "11.5\\(4\\)", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:*", "matchCriteriaId": "650A41E1-9A81-4C08-9DDF-9CDDC6E22202", "versionEndExcluding": "12.0su1", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:emergency_responder:11.0\\(1.10000.10\\):*:*:*:*:*:*:*", "matchCriteriaId": "6E73AED2-74FE-410F-835A-7BD9E5E6C7DE", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:*", "matchCriteriaId": "17A01F3E-24B2-4FE4-8466-6DE2EFA0530C", "versionEndExcluding": "11.5\\(3\\)", "versionStartIncluding": "11.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:finesse:9.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "359B9780-D7A7-467C-A665-573C62E981EB", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:*:*:*:*:*:*:*:*", "matchCriteriaId": "B834DBFE-9CB9-486C-8084-3735D0994D7F", "versionEndExcluding": "11.5\\(3\\)", "versionStartIncluding": "11.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:9.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "2D3EAC03-CB4A-423D-95BF-D7AB258CE2E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:mediasense:*:*:*:*:*:*:*:*", "matchCriteriaId": "8CEF5671-AEB6-442B-8D9F-242447410512", "versionEndExcluding": "11.5su2", "versionStartIncluding": "11.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:mediasense:9.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "37B3DC93-6772-4836-B969-3D8B0359D4AF", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB04C20D-B989-4B4D-B5F9-C2067CC886E1", "versionEndExcluding": "11.6_es16", "versionStartIncluding": "11.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:*", "matchCriteriaId": "B92B3174-0187-4C3A-AFE7-2443FBAEA97E", "versionEndExcluding": "12.1_es2", "versionStartIncluding": "12.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_collaboration_provisioning:12.5:*:*:*:*:*:*:*", "matchCriteriaId": "2BDA7BD5-70AE-431C-8E92-171A84BAA77F", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA9960C4-874D-44DF-B686-9039179378F4", "versionEndExcluding": "10.5.2", "versionStartIncluding": "10.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "10FC0ED2-B2D2-4F52-B2B0-AC0DDCB430E9", "versionEndExcluding": "11.5\\(1\\)su5", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:socialminer:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8F4EDF5-67A4-42E1-BCB3-DB36A74C15A7", "versionEndExcluding": "11.6.1", "versionStartIncluding": "11.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "DE65718F-D5E7-4FFA-985E-D0BCE395DBAE", "versionEndExcluding": "10.5\\(2\\)su5", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "CE99092A-3EB2-4F0B-8812-ECA6B67AA301", "versionEndExcluding": "11.0\\(1a\\)su4", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "8439C2DF-9F4B-40FE-8898-6331064026AA", "versionEndExcluding": "11.5\\(1\\)su3", "versionStartIncluding": "11.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*", "matchCriteriaId": "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*", "matchCriteriaId": "F47282B9-8B76-40E0-B72C-A6A196A37A0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*", "matchCriteriaId": "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "05BD68E4-4296-49ED-B789-60B935210C28", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:*", "matchCriteriaId": "271E4847-9AF4-4DDC-82AB-3BE20F7A67F9", "versionEndExcluding": "11.6\\(1\\)", "versionStartIncluding": "11.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:9.0\\(2\\)su1.3:*:*:*:*:*:*:*", "matchCriteriaId": "31FFF48A-B174-4FD6-9626-E81B5BAE3B43", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "E71D688D-BCF7-4587-A158-C347A3A985CA", "versionEndExcluding": "11.6\\(1\\)", "versionStartIncluding": "11.6", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:unified_intelligence_center:9.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "924FD18E-A20D-4EBE-999E-866DADDE0CF3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", "matchCriteriaId": "4F1EF97D-52BC-4A60-9A73-09BFAAD05DAD", "versionEndExcluding": "10.5su5", "versionStartIncluding": "10.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:*", "matchCriteriaId": "DFD34725-568D-4612-A84F-FF524D57F0E4", "versionEndExcluding": "11.5.1su3", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:9.5\\(0.9\\)tt0:*:*:*:*:*:*:*", "matchCriteriaId": "0C5B4499-83A3-461B-AC8C-45BEABCBA1CE", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:*", "matchCriteriaId": "65D225AB-813B-4182-8916-0FE8307BB18B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:*", "matchCriteriaId": "A9928C83-6BEB-44AA-BB2E-AA2B9DC58BE4", "versionEndExcluding": "11.6\\(1\\)", "versionStartIncluding": "11.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823."}, {"lang": "es", "value": "M\u00faltiples productos Cisco se han visto afectados por una vulnerabilidad en la gesti\u00f3n de archivos locales para ciertos archivos de log del sistema de productos Cisco Collaboration que podr\u00edan permitir que un atacante remoto no autenticado provoque un gran uso del disco, lo que resulta en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). La vulnerabilidad ocurre debido a que cierto archivo de registro del sistema no tiene una restricci\u00f3n de tama\u00f1o m\u00e1ximo. Por lo tanto, se permite que el archivo consuma la mayor\u00eda de espacio disponible en el dispositivo. Un atacante podr\u00eda explotar esta vulnerabilidad enviando peticiones de conexi\u00f3n remota manipuladas al dispositivo. La explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante aumente el tama\u00f1o de un archivo de log del sistema para que consuma casi todo el espacio del disco. La falta de espacio disponible en el disco podr\u00eda desembocar en una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en la que las funciones de la aplicaci\u00f3n podr\u00edan operar de forma err\u00f3nea, haciendo que la aplicaci\u00f3n sea inestable. Esta vulnerabilidad afecta a los siguientes productos basados en Cisco Voice Operating System (VOS): Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IMP - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection y Virtualized Voice Browser. Esta vulnerabilidad tambi\u00e9n afecta a Prime Collaboration Assurance y Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818 y CSCvi31823."}], "id": "CVE-2017-6779", "lastModified": "2019-10-09T23:29:16.983", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-07T12:29:00.260", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-399"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}