CVE-2017-6779

CVSS V2 High 7.8 CVSS V3 High 7.5
Description
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.
Overview
  • CVE ID
  • CVE-2017-6779
  • Assigner
  • ykramarz@cisco.com
  • Vulnerability Status
  • Modified
  • Published Version
  • 2018-06-07T12:29:00
  • Last Modified Date
  • 2019-10-09T23:29:16
Weakness Enumerations
CWE URL
CWE-400 http://cwe.mitre.org/data/definitions/400.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:* 1 OR 10.5 10.5\(1a\)
cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:* 1 OR 11.0 11.5\(4\)
cpe:2.3:a:cisco:emergency_responder:*:*:*:*:*:*:*:* 1 OR 12.0 12.0su1
cpe:2.3:a:cisco:emergency_responder:11.0\(1.10000.10\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:finesse:*:*:*:*:*:*:*:* 1 OR 11.5 11.5\(3\)
cpe:2.3:a:cisco:finesse:9.5\(1\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:*:*:*:*:*:*:*:* 1 OR 11.5 11.5\(3\)
cpe:2.3:a:cisco:hosted_collaboration_mediation_fulfillment:9.5\(1\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:mediasense:*:*:*:*:*:*:*:* 1 OR 11.5 11.5su2
cpe:2.3:a:cisco:mediasense:9.5\(1\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:* 1 OR 11.6 11.6_es16
cpe:2.3:a:cisco:prime_collaboration_assurance:*:*:*:*:*:*:*:* 1 OR 12.1 12.1_es2
cpe:2.3:a:cisco:prime_collaboration_provisioning:12.5:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:* 1 OR 10.5 10.5.2
cpe:2.3:a:cisco:prime_license_manager:*:*:*:*:*:*:*:* 1 OR 11.0 11.5\(1\)su5
cpe:2.3:a:cisco:socialminer:*:*:*:*:*:*:*:* 1 OR 11.6 11.6.1
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* 1 OR 10.0 10.5\(2\)su5
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* 1 OR 11.0 11.0\(1a\)su4
cpe:2.3:a:cisco:unified_communications_manager:*:*:*:*:*:*:*:* 1 OR 11.5 11.5\(1\)su3
cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:unified_communications_manager:12.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:unified_contact_center_express:*:*:*:*:*:*:*:* 1 OR 11.6 11.6\(1\)
cpe:2.3:a:cisco:unified_contact_center_express:9.0\(2\)su1.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:o:cisco:unified_intelligence_center:*:*:*:*:*:*:*:* 1 OR 11.6 11.6\(1\)
cpe:2.3:o:cisco:unified_intelligence_center:9.5\(1\):*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:* 1 OR 10.5 10.5su5
cpe:2.3:a:cisco:unity_connection:*:*:*:*:*:*:*:* 1 OR 11.0 11.5.1su3
cpe:2.3:a:cisco:unity_connection:9.5\(0.9\)tt0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:unity_connection:12.0:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:cisco:virtualized_voice_browser:*:*:*:*:*:*:*:* 1 OR 11.6 11.6\(1\)
CVSS Version 2
  • Version
  • 2.0
  • Vector String
  • AV:N/AC:L/Au:N/C:N/I:N/A:C
  • Access Vector
  • NETWORK
  • Access Compatibility
  • LOW
  • Authentication
  • NONE
  • Confidentiality Impact
  • NONE
  • Integrity Impact
  • NONE
  • Availability Impact
  • COMPLETE
  • Base Score
  • 7.8
  • Severity
  • HIGH
  • Exploitability Score
  • 10
  • Impact Score
  • 6.9
CVSS Version 3
  • Version
  • 3.0
  • Vector String
  • CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • NONE
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • HIGH
  • Base Score
  • 7.5
  • Base Severity
  • HIGH
  • Exploitability Score
  • 3.9
  • Impact Score
  • 3.6
References
Reference URL Reference Tags
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2017-6779
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6779
History
Created Old Value New Value Data Type Notes
2022-05-10 17:08:50 Added to TrackCVE
2022-12-03 07:27:46 psirt@cisco.com ykramarz@cisco.com CVE Assigner updated
2022-12-03 07:27:46 2018-06-07T12:29Z 2018-06-07T12:29:00 CVE Published Date updated
2022-12-03 07:27:46 2019-10-09T23:29:16 CVE Modified Date updated
2022-12-03 07:27:46 Modified Vulnerability Status updated