CVE-2018-0203Cisco Unity Connection vulnerability

CWE-196 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.7%
top 26.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Cisco Unity Connection
Timeline
PublishedFeb 22
Latest updateMay 26

Description

A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug I

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

CVEListV5cisco/cisco_unity_connectionCisco Unity Connection

🔴Vulnerability Details

4
OSV
subversion vulnerabilities2022-05-26
GHSA
GHSA-g977-q8vq-h243: A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a2022-05-13
OSV
subversion vulnerabilities2019-07-31
CVEList
CVE-2018-0203: A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a2018-02-22

📋Vendor Advisories

1
Cisco
Cisco Unity Connection Mail Relay Vulnerability2018-02-22
CVE-2018-0203 — Cisco Unity Connection vulnerability | cvebase