CVE-2015-4184 — Improper Input Validation in Cisco Email Security Appliance

CWE-20 — Improper Input Validation5 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 31.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Email Security Appliance
Timeline
PublishedJun 13
Latest updateMay 17

Description

The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDcisco/email_security_appliance3.331-09, 7.5.1-gpl-022, 8.5.6-074+2

🔴Vulnerability Details

2
GHSA
GHSA-f98j-x99g-pj9q: The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3↗2022-05-17
â–¶
CVEList
CVE-2015-4184: The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3↗2015-06-13
â–¶

📋Vendor Advisories

2
Cisco
Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability↗2015-06-12
â–¶
Cisco
Cisco Email Security Appliance Anti-Spam Scanner Bypass Vulnerability↗2015-06-12
â–¶
CVE-2015-4184 — Improper Input Validation in Cisco | cvebase