Remote Access Vulnerability in Cisco Email Security Appliance and Content Security Management Appliance
CVE-2018-0140

6.5 MEDIUM

Key Information:

Summary

A vulnerability exists in the spam quarantine feature of Cisco Email Security Appliance and Cisco Content Security Management Appliance. It can be exploited by an authenticated, remote attacker who can manipulate browser string information to gain unauthorized access to messages in the spam quarantine. This vulnerability arises from insufficient verification of user accounts, enabling attackers to view quarantined messages submitted by other users within the organization. It underscores the need for robust security measures to protect sensitive information from unauthorized access.

Affected Version(s)

Cisco Email Security Appliance and Cisco Content Security Management Appliance

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
