Privilege Escalation in Cisco Content Security Management Appliance
CVE-2015-4322

Currently unrated

Key Information:

Vendor
Cisco
CVE Published:
19 August 2015

Summary

The Cisco Content Security Management Appliance suffers from a privilege escalation vulnerability that arises due to inadequate restrictions on user permissions following LDAP authentication. This flaw permits remote authenticated users to access the Spam Quarantine folders of other users. By exploiting this vulnerability through a spam-notification URL, malicious actors could read or modify sensitive information from arbitrary users’ quarantined spam messages, thereby compromising the privacy and integrity of user data.

Timeline

  • Vulnerability published

  • Vulnerability Reserved
