CVE-2018-0140: Infoleak
First published: Thu Feb 08 2018(Updated: )
A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Email Security Appliance Firmware | =9.8.0-112 | |
| Cisco Email Security Appliance Firmware | =10.0.1-087 | |
| Cisco Email Security Appliance Firmware | =11.0.0-274 | |
| Cisco Email Security Appliance C160 | ||
| Cisco Email Security Appliance C170 | ||
| Cisco Email Security Appliance C190 | ||
| Cisco Email Security Appliance C370 | ||
| Cisco Email Security Appliance C370d | ||
| Cisco Email Security Appliance C380 | ||
| Cisco Email Security Appliance C390 | ||
| Cisco Email Security Appliance C670 | ||
| Cisco Email Security Appliance C680 | ||
| Cisco Email Security Appliance C690 | ||
| Cisco Email Security Appliance C690x | ||
| Cisco Email Security Appliance X1070 | ||
| Cisco Content Security Management Appliance | =10.0.0-096 | |
| Cisco Content Security Management Appliance | =10.1.0-037 | |
| Cisco Content Security Management Appliance | =10.1.0-052 | |
| Cisco Content Security Management Appliance | =11.0.0-115 | |
| Cisco Content Security Management Appliance Sma M190 | ||
| Cisco Content Security Management Appliance Sma M390 | ||
| Cisco Content Security Management Appliance Sma M390x | ||
| Cisco Content Security Management Appliance Sma M690 | ||
| Cisco Content Security Management Appliance Sma M690x |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-0140?
The severity of CVE-2018-0140 is medium with a CVSS score of 6.5.
How can an attacker exploit CVE-2018-0140?
An attacker can exploit CVE-2018-0140 by modifying browser string information to download any message from the spam quarantine in Cisco Email Security Appliance and Cisco Content Security Management Appliance.
Which versions of Cisco Email Security Appliance are affected by CVE-2018-0140?
Versions 9.8.0-112, 10.0.1-087, and 11.0.0-274 of Cisco Email Security Appliance are affected by CVE-2018-0140.
Which versions of Cisco Content Security Management Appliance are affected by CVE-2018-0140?
Versions 10.0.0-096, 10.1.0-037, 10.1.0-052, and 11.0.0-115 of Cisco Content Security Management Appliance are affected by CVE-2018-0140.
Are the Cisco Email Security Appliance C160, C170, C190, C370, C370d, C380, C390, C670, C680, C690, C690x, and X1070 vulnerable to CVE-2018-0140?
No, the Cisco Email Security Appliance C160, C170, C190, C370, C370d, C380, C390, C670, C680, C690, C690x, and X1070 are not vulnerable to CVE-2018-0140.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/author
- agent/first-publish-date
- agent/event
- agent/description
- agent/tags
- vendor/cisco
- canonical/cisco email security appliance firmware
- version/cisco email security appliance firmware/9.8.0-112
- version/cisco email security appliance firmware/10.0.1-087
- version/cisco email security appliance firmware/11.0.0-274
- canonical/cisco email security appliance c160
- canonical/cisco email security appliance c170
- canonical/cisco email security appliance c190
- canonical/cisco email security appliance c370
- canonical/cisco email security appliance c370d
- canonical/cisco email security appliance c380
- canonical/cisco email security appliance c390
- canonical/cisco email security appliance c670
- canonical/cisco email security appliance c680
- canonical/cisco email security appliance c690
- canonical/cisco email security appliance c690x
- canonical/cisco email security appliance x1070
- canonical/cisco content security management appliance
- version/cisco content security management appliance/10.0.0-096
- version/cisco content security management appliance/10.1.0-037
- version/cisco content security management appliance/10.1.0-052
- version/cisco content security management appliance/11.0.0-115
- canonical/cisco content security management appliance sma m190
- canonical/cisco content security management appliance sma m390
- canonical/cisco content security management appliance sma m390x
- canonical/cisco content security management appliance sma m690
- canonical/cisco content security management appliance sma m690x