CVE-2017-6779

Name of the Vulnerable Software and Affected Versions Cisco Voice Operating System (VOS)-based products versions (affected versions not specified) Cisco Emergency Responder versions (affected versions not specified) Cisco Finesse versions (affected versions not specified) Cisco Hosted Collaboration Mediation Fulfillment versions (affected versions not specified) Cisco MediaSense versions (affected versions not specified) Cisco Prime License Manager versions (affected versions not specified) Cisco SocialMiner versions (affected versions not specified) Cisco Unified Communications Manager (UCM) versions (affected versions not specified) Cisco Unified Communications Manager IM and Presence Service (IM&P) versions (affected versions not specified) Cisco Unified Communication Manager Session Management Edition (SME) versions (affected versions not specified) Cisco Unified Contact Center Express (UCCx) versions (affected versions not specified) Cisco Unified Intelligence Center (UIC) versions (affected versions not specified) Cisco Unity Connection versions (affected versions not specified) Cisco Virtualized Voice Browser versions (affected versions not specified) Cisco Prime Collaboration Assurance versions (affected versions not specified) Cisco Prime Collaboration Provisioning versions (affected versions not specified)

Description A vulnerability in local file management for certain system log files of Cisco collaboration products could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction, allowing it to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance, increasing the size of a system log file and potentially leading to a DoS condition.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.