CVE-2018-0447 — Improper Access Control in Cisco Email Security Appliance

CWE-284 — Improper Access Control CWE-20 — Improper Input Validation4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.2%

top 52.51%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Email Security Appliance

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF) messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device…

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

▶CVEListV5cisco/cisco_email_security_appliancen/a

🔴Vulnerability Details

GHSA

GHSA-6x9p-wvp8-hwgq: A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthent↗2022-05-13

▶

CVEList

Cisco Email Security Appliance URL Filtering Bypass Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco Email Security Appliance URL Filtering Bypass Vulnerability↗2018-09-05

▶