Summary

• Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition.

  The vulnerability occurs because a certain system log file does not have a maximum size restriction. Therefore, the file is allowed to consume the majority of available disk space on the appliance. An attacker could exploit this vulnerability by sending crafted remote connection requests to the appliance. Successful exploitation could allow the attacker to increase the size of a system log file so that it consumes most of the disk space. The lack of available disk space could lead to a DoS condition in which the application functions could operate abnormally, making the appliance unstable.
  
  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
  
  This advisory is available at the following link:
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos

Affected Products

• Vulnerable Products

  This vulnerability affects the following Cisco Voice Operating System (VOS)-based products:

  • Emergency Responder
  • Finesse
  • Hosted Collaboration Mediation Fulfillment
  • MediaSense
  • Prime License Manager
  • SocialMiner
  • Unified Communications Manager (UCM)
  • Unified Communications Manager IM and Presence Service (IM&P); earlier releases were known as Cisco Unified Presence
  • Unified Communication Manager Session Management Edition (SME)
  • Unified Contact Center Express (UCCx)
  • Unified Intelligence Center (UIC)
  • Unity Connection
  • Virtualized Voice Browser

  This vulnerability also affects the following Cisco products:

  • Prime Collaboration Assurance
  • Prime Collaboration Provisioning

  Determining the Current Software Release from the CLI

  To determine which software release is running on a platform, administrators can issue the show version active command in the CLI.

  In the following example, the software release is 11.5.1.10000-86:

  ciscocm: show version active
  Active Master Version: 11.5.1.10000-86

  Determining the Current Software Release for the Cisco Unified or Contact Center Platform

  Administrators can use the UI to determine which Cisco product software release is running:

  1. Log in to the web-based interface
  2. Choose Help > About to view the system software release

  Administrators can use the UI to determine which Cisco Contact Center platform–based product software release is running:

  1. Log in to the Cisco Contact Center Express server
  2. Go to the Cisco Unified Communications operating system administration window
  3. Choose Show > Software

  Products Confirmed Not Vulnerable

  Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.

  Cisco has confirmed that this vulnerability does not affect the following Cisco products:
  

  • Identity Service (IdS) 11.5 and 11.6
  • Prime Collaboration Deployment

Indicators of Compromise

• Exploitation of this vulnerability could cause the user to observe the following error in device logs:

  ./hssi_defines.sh: line ###: echo: write error: No space left on device

  Administrators who observe this error are advised to contact the Cisco Technical Assistance Center (TAC) to determine whether the device has been compromised by exploitation of this vulnerability.

Workarounds

• There are no workarounds that address this vulnerability.

Fixed Software

• Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or otherwise using such software upgrades, customers agree to follow the terms of the Cisco software license:
  https://www.cisco.com/c/en/us/products/end-user-license-agreement.html

  Additionally, customers may only download software for which they have a valid license, procured from Cisco directly, or through a Cisco authorized reseller or partner. In most cases this will be a maintenance upgrade to software that was previously purchased. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major revision upgrades.

  When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories and Alerts page, to determine exposure and a complete upgrade solution.

  In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.

  Customers Without Service Contracts

  Customers who purchase directly from Cisco but do not hold a Cisco service contract and customers who make purchases through third-party vendors but are unsuccessful in obtaining fixed software through their point of sale should obtain upgrades by contacting the Cisco TAC:
  https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html

  Customers should have the product serial number available and be prepared to provide the URL of this advisory as evidence of entitlement to a free upgrade.

  Fixed Releases

  Emergency Responder: CSCvf64322
  
  The Emergency Responder Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Unified Communications > Telephony Extensions > Emergency Responder.
  

  Emergency Responder Release	First Fixed Release for This Vulnerability
  Prior to 10.5	Vulnerable; migrate to 10.5(1a)
  10.5	10.5(1a) (future release)1
  11.0	Vulnerable; migrate to 11.5(4)
  11.5	11.5(4)
  12.0	12.0SU1

  ¹The COP file ciscocm.cer_CSCvf64322.cop.sgn is available from the Software Center on Cisco.com.
  
  Finesse: CSCvi29556
  
  The Finesse Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Customer Collaboration > Options for Contact Center Solutions > Finesse > Finesse Software.

  Finesse Release	First Fixed Release for This Vulnerability
  Prior to 11.6	Vulnerable; migrate to 11.6(1)
  11.6	11.6(1)

  Hosted Collaboration Mediation Fulfillment: CSCvi31738

  The Hosted Collaboration Mediation Fulfillment Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Unified Communications > Call Control > Hosted Collaboration > Hosted Collaboration Solution (HCS).
  
  

  Hosted Collaboration Mediation Fulfillment Release	First Fixed Release for This Vulnerability
  Prior to 11.5	Vulnerable; migrate to 11.5(3)
  11.5	11.5(3)

  MediaSense: CSCvi29546
  
  The MediaSense Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Customer Collaboration > Options for Contact Center Solutions > MediaSense > MediaSense Software.
  

  MediaSense Release	First Fixed Release for This Vulnerability
  Prior to 11.5	Vulnerable; migrate to 11.5SU2
  11.5	11.5SU2

  Prime Collaboration Assurance: CSCvi31818
  
  The Prime Collaboration Assurance Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Cloud and Systems Management > Collaboration and Unified Communications Management > Prime Collaboration.
  

  Prime Collaboration Assurance Release	First Fixed Release for This Vulnerability
  Prior to 11.6	Vulnerable; migrate to 11.6 ES16
  11.6	11.6 ES16
  12.1	12.1 ES2

  Prime Collaboration Provisioning: CSCvi31741
  
  The Prime Collaboration Provisioning Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Cloud and Systems Management > Collaboration and Unified Communications Management > Prime Collaboration.
  

  Prime Collaboration Provisioning Release	First Fixed Release for This Vulnerability
  Prior to 12.5	Vulnerable; migrate to 12.5
  12.5	12.5

  
  Prime License Manager: CSCvi31807
  
  The Prime License Manager Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Unified Communications > Unified Communications Management > Prime License Manager > Prime License Manager Software Updates.
  
  

  Prime License Manager Release	First Fixed Release for This Vulnerability
  Prior to 10.5	Vulnerable; migrate to plm_10_5_2 - 10.5.2.13001-11
  10.5	plm_10_5_2 - 10.5.2.13001-1
  11.0	Vulnerable; migrate to 11.5(1)SU5
  11.5	11.5(1)SU5

  SocialMiner: CSCvi29544
  
  The SocialMiner Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Customer Collaboration > Options for Contact Center Solutions > SocialMiner > SocialMiner Software.

  SocialMiner Release	First Fixed Release for This Vulnerability
  Prior to 11.6	Vulnerable; migrate to 11.6.1
  11.6	11.6.1

  Unified Communications Manager and Unified Communication Manager Session Management Edition: CSCvd10872
  
  The Unified Communications Manager Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Unified Communications > Call Control > Unified Communications Manager (CallManager).

  Unified Communications Manager Release	First Fixed Release for This Vulnerability
  Prior to 10.0	Vulnerable; migrate to 10.5(2)SU5 or later
  10.0	Vulnerable; migrate to 10.5(2)SU5 or later
  10.5	10.5(2)SU5
  11.0	11.0(1a)SU4
  11.5	11.5(1)SU3
  12.0	Not vulnerable

  Unified Communications Manager IM and Presence Service: CSCvi29543
  
  The Unified Communications Manager IM and Presence Service Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Unified Communications > Unified Communications Applications > Presence Software > Unified Communications Manager IM & Presence Service.

  Unified Communications Manager IM and Presence Service Release	First Fixed Release for This Vulnerability
  Prior to 10.5	Vulnerable; migrate to 10.5.2 SU4
  10.5	10.5.2SU4
  11.0	Vulnerable; migrate to 11.5(1)SU4
  11.5	11.5(1)SU4

  Unified Contact Center Express: CSCvi29538
  

  The Unified Contact Center Express Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Customer Collaboration > Options for Contact Center Solutions > Unified IP Interactive Voice Response (IVR).
  
  

  Unified Contact Center Express Release	First Fixed Release for This Vulnerability
  Prior to 11.6	Vulnerable; migrate to 11.6(1)
  11.6	11.6(1)

  Unified Intelligence Center: CSCvi29571
  
  The Unified Intelligence Center Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Customer Collaboration > Options for Contact Center Solutions > Unified Intelligence Center > Unified Intelligence Center Software.

  Unified Intelligence Center Release	First Fixed Release for This Vulnerability
  Prior to 11.6	Vulnerable; migrate to 11(6).1
  11.6	11.6(1)

  Unity Connection: CSCvf64332
  
  The Unity Connection Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Unified Communications > Unified Communications Applications > Messaging > Unity Connection.

  Unity Connection Release	First Fixed Release for This Vulnerability
  Prior to 10.5	Vulnerable; migrate to 10.5SU5
  10.5	10.5SU5
  11.0	Vulnerable; migrate to 11.5(1)SU3
  11.5	11.5.1SU3
  12.0	Not vulnerable

  Virtualized Voice Browser: CSCvi31823
  
  The Virtualized Voice Browser Software can be downloaded from the Software Center on Cisco.com by navigating to Products > Customer Collaboration > Options for Contact Center Solutions > Virtualized Voice Browser.

  Virtualized Voice Browser Release	First Fixed Release for This Vulnerability
  Prior to 11.6	Vulnerable; migrate to 11.6(1)
  11.6	11.6(1)

Exploitation and Public Announcements

• The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.

Source

• This vulnerability was found during the resolution of a Cisco TAC support case.

URL

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-diskdos

Revision History

• Version	Description	Section	Status	Date
  1.1	Updated the Fixed Release table for Prime License Manager.	Fixed Software	Final	2018-July-02
  1.0	Initial public release.	—	Final	2018-June-06

  Show Less