CVE-2017-6779

Description

Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable.

This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning.

Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score (Exploitation Probability): 1.275

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Emergency Responder | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Unity Connection | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Unified Communications Manager (CallManager) | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Unified Contact Center Express | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Unified Communications Manager IM & Presence Service | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco SocialMiner | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco MediaSense | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Finesse | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Unified Intelligence Center | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Hosted Collaboration Solution (HCS) | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Prime Collaboration | NCM |
| Multiple Cisco Products Disk Utilization Denial of Service Vulnerability For Cisco Unified Contact Center Enterprise | NCM |
| Uncontrolled Resource Consumption Vulnerability (CVE-2017-6779) | NCM |
| CVE-2017-6779 | NCM |

Patch Details

Patches provided by ManageEngine for this CVE:

| Patch ID | Patch Description |
| --- | --- |
| PATCH-1706049 | Security Update for Cisco Emergency Responder 12.0(0.98000.50) |
| PATCH-1706048 | Security Update for Cisco Unity Connection 12.0(0.97000.184) |
| PATCH-1706016 | Security Update for Cisco Unified Communications Manager (CallManager) CUP.11.5(1.12900.25) |
| PATCH-1706052 | Security Update for Cisco Unified Contact Center Express 11.6(1) |
| PATCH-1706022 | Security Update for Cisco Unified Communications Manager IM & Presence Service CUP.11.5(1.12900.25) |
| PATCH-1704708 | Security Update for Cisco SocialMiner 12.0(0.99000.293) |
| PATCH-1705879 | Security Update for Cisco MediaSense 11.5(1.10000.6) |
| PATCH-1705887 | Security Update for Cisco Finesse 11.5(0.98000.126) |
| PATCH-1705886 | Security Update for Cisco Unified Intelligence Center 11.5(0.98000.126) |
| PATCH-1706050 | Security Update for Cisco Hosted Collaboration Solution (HCS) 11.5(1.93540.24) |
| PATCH-1705997 | Security Update for Cisco Prime Collaboration 11.0(0.815) |
| PATCH-1705943 | Security Update for Cisco Unified Contact Center Enterprise 11.6(1)SR0(0) |

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234