漏洞标题
N/A
漏洞描述信息
多个Cisco产品受到Cisco协作产品某些系统日志文件 local file management 方面的漏洞影响,这可能导致无授权的远程攻击者造成磁盘使用率过高,从而导致拒绝服务(DoS)情况发生。该漏洞的原因是某些系统日志文件没有最大容量限制。因此,文件允许在设备的可用磁盘空间中使用大部分。攻击者可以通过向设备发送精心构造的远程连接请求来利用此漏洞。成功利用此漏洞可以让攻击者增加系统日志文件的大小,使其占用大部分磁盘空间。缺乏可用磁盘空间可能导致DoS情况发生,从而使设备变得不稳定。该漏洞影响了以下基于Cisco语音操作系统(VOS)的产品:紧急响应者,精eues, hosted Collaboration Mediation 完成,MediaSense,主许可管理器,SocialMiner,统一通信管理器(UCM),统一通信管理器 IM 和存在服务(IM&P -早期版本被称为Cisco 统一存在),统一通信管理器会话管理版(SME),统一 Contact Center Express (UCCx),统一 Intelligence Center (UIC),Unity 连接,虚拟语音浏览器。该漏洞还影响Prime Collaboration Provisioning和Prime Collaboration Assurance。Cisco Bug ID: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823。
CVSS信息
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
N/A
漏洞描述信息
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable. This vulnerability affects the following Cisco Voice Operating System (VOS)-based products: Emergency Responder, Finesse, Hosted Collaboration Mediation Fulfillment, MediaSense, Prime License Manager, SocialMiner, Unified Communications Manager (UCM), Unified Communications Manager IM and Presence Service (IM&P - earlier releases were known as Cisco Unified Presence), Unified Communication Manager Session Management Edition (SME), Unified Contact Center Express (UCCx), Unified Intelligence Center (UIC), Unity Connection, Virtualized Voice Browser. This vulnerability also affects Prime Collaboration Assurance and Prime Collaboration Provisioning. Cisco Bug IDs: CSCvd10872, CSCvf64322, CSCvf64332, CSCvi29538, CSCvi29543, CSCvi29544, CSCvi29546, CSCvi29556, CSCvi29571, CSCvi31738, CSCvi31741, CSCvi31762, CSCvi31807, CSCvi31818, CSCvi31823.
CVSS信息
N/A
漏洞类别
资源管理错误
漏洞标题
多款Cisco产品资源管理错误漏洞
漏洞描述信息
Cisco Emergency Responder等都是美国思科(Cisco)公司的产品。Cisco Emergency Responder是一套IP通信系统中的应急呼叫软件。Finesse是一套下一代客户协作服务解决方案。 多款Cisco产品中本地文件的管理(用于对系统日志文件的管理)存在资源管理错误漏洞,该漏洞源于程序没有限制系统日志文件的最大值。远程攻击者可通过向设备发送远程连接请求利用该漏洞造成磁盘大量占用,造成拒绝服务。以下产品受到影响:Cisco Emergency Responder;Fin
CVSS信息
N/A
漏洞类别
资源管理错误