CNVD-2018-11346
Vulnerability from cnvd - Published: 2018-06-12
VLAI Severity ?
Title
多款Cisco产品资源管理错误漏洞
Description
Cisco Emergency Responder等都是美国思科(Cisco)公司的产品。Cisco Emergency Responder是一套IP通信系统中的应急呼叫软件。Finesse是一套下一代客户协作服务解决方案。
多款Cisco产品中本地文件的管理(用于对系统日志文件的管理)存在资源管理错误漏洞,该漏洞源于程序没有限制系统日志文件的最大值。远程攻击者可通过向设备发送远程连接请求利用该漏洞造成磁盘大量占用,造成拒绝服务。
Severity
高
Patch Name
多款Cisco产品资源管理错误漏洞的补丁
Patch Description
Cisco Emergency Responder等都是美国思科(Cisco)公司的产品。Cisco Emergency Responder是一套IP通信系统中的应急呼叫软件。Finesse是一套下一代客户协作服务解决方案。
多款Cisco产品中本地文件的管理(用于对系统日志文件的管理)存在资源管理错误漏洞,该漏洞源于程序没有限制系统日志文件的最大值。远程攻击者可通过向设备发送远程连接请求利用该漏洞造成磁盘大量占用,造成拒绝服务。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos
Reference
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos
Impacted products
| Name | ['Cisco Unified Presence', 'Cisco Finesse', 'Cisco SocialMiner', 'Cisco MediaSense', 'Cisco Unity Connection', 'Cisco Prime Collaboration Provisioning', 'Cisco Prime Collaboration Assurance', 'Cisco Unified Intelligence Center', 'Cisco Hosted Collaboration Mediation Fulfillment', 'Cisco Emergency Responder', 'Cisco Unified Communications Manager (UCM) 0', 'Cisco Unified Contact Center Express', 'Cisco Prime License Manager', 'Cisco Unified Communications Manager IM and Presence Service (IM&P)', 'Cisco Unified Communication Manager Session Management Edition (SME)', 'Cisco Virtualized Voice Browser'] |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-6779"
}
},
"description": "Cisco Emergency Responder\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Emergency Responder\u662f\u4e00\u5957IP\u901a\u4fe1\u7cfb\u7edf\u4e2d\u7684\u5e94\u6025\u547c\u53eb\u8f6f\u4ef6\u3002Finesse\u662f\u4e00\u5957\u4e0b\u4e00\u4ee3\u5ba2\u6237\u534f\u4f5c\u670d\u52a1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u672c\u5730\u6587\u4ef6\u7684\u7ba1\u7406\uff08\u7528\u4e8e\u5bf9\u7cfb\u7edf\u65e5\u5fd7\u6587\u4ef6\u7684\u7ba1\u7406\uff09\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u9650\u5236\u7cfb\u7edf\u65e5\u5fd7\u6587\u4ef6\u7684\u6700\u5927\u503c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u8bbe\u5907\u53d1\u9001\u8fdc\u7a0b\u8fde\u63a5\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u78c1\u76d8\u5927\u91cf\u5360\u7528\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Cisco",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-11346",
"openTime": "2018-06-12",
"patchDescription": "Cisco Emergency Responder\u7b49\u90fd\u662f\u7f8e\u56fd\u601d\u79d1\uff08Cisco\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002Cisco Emergency Responder\u662f\u4e00\u5957IP\u901a\u4fe1\u7cfb\u7edf\u4e2d\u7684\u5e94\u6025\u547c\u53eb\u8f6f\u4ef6\u3002Finesse\u662f\u4e00\u5957\u4e0b\u4e00\u4ee3\u5ba2\u6237\u534f\u4f5c\u670d\u52a1\u89e3\u51b3\u65b9\u6848\u3002\r\n\r\n\u591a\u6b3eCisco\u4ea7\u54c1\u4e2d\u672c\u5730\u6587\u4ef6\u7684\u7ba1\u7406\uff08\u7528\u4e8e\u5bf9\u7cfb\u7edf\u65e5\u5fd7\u6587\u4ef6\u7684\u7ba1\u7406\uff09\u5b58\u5728\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u6ca1\u6709\u9650\u5236\u7cfb\u7edf\u65e5\u5fd7\u6587\u4ef6\u7684\u6700\u5927\u503c\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u5411\u8bbe\u5907\u53d1\u9001\u8fdc\u7a0b\u8fde\u63a5\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u78c1\u76d8\u5927\u91cf\u5360\u7528\uff0c\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "\u591a\u6b3eCisco\u4ea7\u54c1\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Cisco Unified Presence",
"Cisco Finesse",
"Cisco SocialMiner",
"Cisco MediaSense",
"Cisco Unity Connection",
"Cisco Prime Collaboration Provisioning",
"Cisco Prime Collaboration Assurance",
"Cisco Unified Intelligence Center",
"Cisco Hosted Collaboration Mediation Fulfillment",
"Cisco Emergency Responder",
"Cisco Unified Communications Manager (UCM) 0",
"Cisco Unified Contact Center Express",
"Cisco Prime License Manager",
"Cisco Unified Communications Manager IM and Presence Service (IM\u0026P\uff09",
"Cisco Unified Communication Manager Session Management Edition (SME)",
"Cisco Virtualized Voice Browser"
]
},
"referenceLink": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos",
"serverity": "\u9ad8",
"submitTime": "2018-06-12",
"title": "\u591a\u6b3eCisco\u4ea7\u54c1\u8d44\u6e90\u7ba1\u7406\u9519\u8bef\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…