CISCO-SA-20180606-DISKDOS
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos"]
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco MediaSense | ||
| Cisco Prime Collaboration Provisioning | ||
| Cisco Unified Communications Manager IM and Presence Service | ||
| Cisco Prime Collaboration Assurance | ||
| Cisco Unified Intelligence Center | ||
| Cisco Prime License Manager | ||
| Cisco Emergency Responder | ||
| Cisco Virtualized Voice Browser | ||
| Cisco Hosted Collaboration Mediation Fulfillment | ||
| Cisco Finesse | ||
| Cisco Unity Connection | ||
| Cisco Unified Communications Manager | ||
| Cisco Unified Contact Center Express | ||
| Cisco Prime Collaboration Deployment | ||
| Cisco SocialMiner |
Timeline
- Jun 6, 2018 CVE Published
- Jul 2, 2018 CVE Updated
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos advisory
- https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html url
- https://www.cisco.com/c/en/us/products/end-user-license-agreement.html url
- http://www.cisco.com/go/psirt url
- https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf64322 url
- https://software.cisco.com/download/navigator.html url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi29556 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi31738 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi29546 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi31818 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi31741 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi31807 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi29544 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvd10872 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi29543 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi29538 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi29571 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvf64332 url
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvi31823 url
…and 1 more