Remote Attack Vulnerability in Microsoft Forefront Unified Access Gateway 2010
CVE-2018-12571

9.8CRITICAL

Key Information:

Vendor
Microsoft
Status
Forefront Unified Access Gateway
Vendor
CVE Published:
5 July 2018

Summary

The vulnerability in Microsoft Forefront Unified Access Gateway 2010 permits remote attackers to send specially crafted URLs through the orig_url parameter. This can trigger arbitrary outbound DNS queries, leading to potential traffic amplification or Server-Side Request Forgery (SSRF). Attackers may exploit this flaw to manipulate DNS requests, resulting in unintended network exposure and compromising system integrity.

References

http://seclists.org/fulldisclosure/2018/Jul/2
mailing-listx_refsource_FULLDISC
http://www.securitytracker.com/id/1041212
vdb-entryx_refsource_SECTRACK
http://packetstormsecurity.com/files/148389/Microsoft-For...
x_refsource_MISC

EPSS Score

5% chance of being exploited in the next 30 days.

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.