What is the severity of CVE-2018-0140?

The severity of CVE-2018-0140 is medium with a CVSS score of 6.5.

How can an attacker exploit CVE-2018-0140?

An attacker can exploit CVE-2018-0140 by modifying browser string information to download any message from the spam quarantine in Cisco Email Security Appliance and Cisco Content Security Management Appliance.

Which versions of Cisco Email Security Appliance are affected by CVE-2018-0140?

Versions 9.8.0-112, 10.0.1-087, and 11.0.0-274 of Cisco Email Security Appliance are affected by CVE-2018-0140.

Which versions of Cisco Content Security Management Appliance are affected by CVE-2018-0140?

Versions 10.0.0-096, 10.1.0-037, 10.1.0-052, and 11.0.0-115 of Cisco Content Security Management Appliance are affected by CVE-2018-0140.

Are the Cisco Email Security Appliance C160, C170, C190, C370, C370d, C380, C390, C670, C680, C690, C690x, and X1070 vulnerable to CVE-2018-0140?

No, the Cisco Email Security Appliance C160, C170, C190, C370, C370d, C380, C390, C670, C680, C690, C690x, and X1070 are not vulnerable to CVE-2018-0140.

Vulnerability/
CVE-2018-0140

medium

6.5

CWE

425 200

8/2/2018

2/12/2024

CVE-2018-0140: Infoleak

First published: Thu Feb 08 2018(Updated: )

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295.

Credit: ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco AsyncOS Software for Cisco Email Security Appliances	=9.8.0-112
Cisco AsyncOS Software for Cisco Email Security Appliances	=10.0.1-087
Cisco AsyncOS Software for Cisco Email Security Appliances	=11.0.0-274
Cisco AsyncOS Software for Cisco Email Security Appliances
Cisco AsyncOS Software for Cisco Email Security Appliances
Cisco Email Security Appliance
Cisco Email Security Appliance
Cisco Email Security Appliance
Cisco AsyncOS Software for Cisco Email Security Appliances
Cisco Email Security Appliance
Cisco Email Security Appliance
Cisco Email Security Appliance C680
Cisco Email Security Appliance C690
Cisco Email Security Appliance
Cisco Email Security Appliance
Cisco Content Security Management	=10.0.0-096
Cisco Content Security Management	=10.1.0-037
Cisco Content Security Management	=10.1.0-052
Cisco Content Security Management	=11.0.0-115
Cisco Content Security Management Appliance SMA M190
Cisco Content Security Management Appliance SMA M390
Cisco Content Security Management Appliance SMA M390X
Cisco Content Security Management Appliance (SMA) M690
Cisco Content Security Management Appliance M690X

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2018-0140?
The severity of CVE-2018-0140 is medium with a CVSS score of 6.5.
How can an attacker exploit CVE-2018-0140?
An attacker can exploit CVE-2018-0140 by modifying browser string information to download any message from the spam quarantine in Cisco Email Security Appliance and Cisco Content Security Management Appliance.
Which versions of Cisco Email Security Appliance are affected by CVE-2018-0140?
Versions 9.8.0-112, 10.0.1-087, and 11.0.0-274 of Cisco Email Security Appliance are affected by CVE-2018-0140.
Which versions of Cisco Content Security Management Appliance are affected by CVE-2018-0140?
Versions 10.0.0-096, 10.1.0-037, 10.1.0-052, and 11.0.0-115 of Cisco Content Security Management Appliance are affected by CVE-2018-0140.
Are the Cisco Email Security Appliance C160, C170, C190, C370, C370d, C380, C390, C670, C680, C690, C690x, and X1070 vulnerable to CVE-2018-0140?
No, the Cisco Email Security Appliance C160, C170, C190, C370, C370d, C380, C390, C670, C680, C690, C690x, and X1070 are not vulnerable to CVE-2018-0140.

agent/references
agent/type
agent/weakness
agent/severity
agent/author
agent/first-publish-date
agent/event
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/cisco
canonical/cisco asyncos software for cisco email security appliances
version/cisco asyncos software for cisco email security appliances/9.8.0-112
version/cisco asyncos software for cisco email security appliances/10.0.1-087
version/cisco asyncos software for cisco email security appliances/11.0.0-274
canonical/cisco email security appliance
canonical/cisco email security appliance c680
canonical/cisco email security appliance c690
canonical/cisco content security management
version/cisco content security management/10.0.0-096
version/cisco content security management/10.1.0-037
version/cisco content security management/10.1.0-052
version/cisco content security management/11.0.0-115
canonical/cisco content security management appliance sma m190
canonical/cisco content security management appliance sma m390
canonical/cisco content security management appliance sma m390x
canonical/cisco content security management appliance (sma) m690
canonical/cisco content security management appliance m690x