Details of VAR-201802-0605

ID

VAR-201802-0605

CVE

CVE-2018-0140

TITLE

Cisco Email Security Appliance and Cisco Content Security Management Appliance Information Disclosure Vulnerability

Trust: 1.2

sources: CNVD: CNVD-2018-05311 // CNNVD: CNNVD-201802-264

DESCRIPTION

A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. Vendors have confirmed this vulnerability Bug ID CSCvg39759 and CSCvg42295 It is released as.Information may be obtained. Spamquarantine is one of the spam isolation components. Multiple Cisco Products are prone to an information-disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks

Trust: 2.52

sources: NVD: CVE-2018-0140 // JVNDB: JVNDB-2018-002226 // CNVD: CNVD-2018-05311 // BID: 103090 // VULHUB: VHN-118342

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-05311

AFFECTED PRODUCTS

vendor:	cisco	model:	email security appliance	scope:	eq	version:	10.0.1-087	Trust: 2.5
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	10.1.0-037	Trust: 2.5
vendor:	cisco	model:	email security appliance	scope:	eq	version:	9.8.0-112	Trust: 2.5
vendor:	cisco	model:	email security appliance	scope:	eq	version:	11.0.0-274	Trust: 2.5
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	10.0.0-096	Trust: 2.5
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	11.0.0-115	Trust: 1.9
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	10.1.0-052	Trust: 1.9
vendor:	cisco	model:	e email security appliance	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	content security management appliance	scope:	eq	version:	firmware	Trust: 0.8
vendor:	cisco	model:	email security appliance	scope:	ne	version:	11.1.0-069	Trust: 0.3

sources: CNVD: CNVD-2018-05311 // BID: 103090 // JVNDB: JVNDB-2018-002226 // CNNVD: CNNVD-201802-264 // NVD: CVE-2018-0140

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0140
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0140
value:	MEDIUM
Trust: 0.8
CNVD:	CNVD-2018-05311
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201802-264
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118342
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0140
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-05311
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-118342
severity:	MEDIUM
baseScore:	4.0
vectorString:	AV:N/AC:L/AU:S/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	SINGLE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	8.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0140
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2018-0140
baseSeverity:	MEDIUM
baseScore:	6.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: CNVD: CNVD-2018-05311 // VULHUB: VHN-118342 // JVNDB: JVNDB-2018-002226 // CNNVD: CNNVD-201802-264 // NVD: CVE-2018-0140

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-425	Trust: 1.1

sources: VULHUB: VHN-118342 // JVNDB: JVNDB-2018-002226 // NVD: CVE-2018-0140

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-264

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201802-264

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002226

PATCH

title:	cisco-sa-20180207-esacsm	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180207-esacsm	Trust: 0.8
title:	CiscoEmailSecurityAppliance and CiscoContentSecurityManagementAppliance Information Disclosure Vulnerability Patch	url:	https://www.cnvd.org.cn/patchInfo/show/121427	Trust: 0.6
title:	Cisco Email Security Appliance and Cisco Content Security Management Appliance Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78377	Trust: 0.6

sources: CNVD: CNVD-2018-05311 // JVNDB: JVNDB-2018-002226 // CNNVD: CNNVD-201802-264

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0140	Trust: 3.4
db:	BID	id:	103090	Trust: 2.6
db:	SECTRACK	id:	1040338	Trust: 1.7
db:	SECTRACK	id:	1040339	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-002226	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-264	Trust: 0.7
db:	CNVD	id:	CNVD-2018-05311	Trust: 0.6
db:	VULHUB	id:	VHN-118342	Trust: 0.1

sources: CNVD: CNVD-2018-05311 // VULHUB: VHN-118342 // BID: 103090 // JVNDB: JVNDB-2018-002226 // CNNVD: CNNVD-201802-264 // NVD: CVE-2018-0140

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180207-esacsm	Trust: 2.6
url:	http://www.securityfocus.com/bid/103090	Trust: 2.3
url:	http://www.securitytracker.com/id/1040338	Trust: 1.7
url:	http://www.securitytracker.com/id/1040339	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0140	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0140	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: CNVD: CNVD-2018-05311 // VULHUB: VHN-118342 // BID: 103090 // JVNDB: JVNDB-2018-002226 // CNNVD: CNNVD-201802-264 // NVD: CVE-2018-0140

CREDITS

Cisco

Trust: 0.3

sources: BID: 103090

SOURCES

db:	CNVD	id:	CNVD-2018-05311
db:	VULHUB	id:	VHN-118342
db:	BID	id:	103090
db:	JVNDB	id:	JVNDB-2018-002226
db:	CNNVD	id:	CNNVD-201802-264
db:	NVD	id:	CVE-2018-0140

LAST UPDATE DATE

2024-11-23T22:22:13.481000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-05311	date:	2018-03-15T00:00:00
db:	VULHUB	id:	VHN-118342	date:	2023-02-21T00:00:00
db:	BID	id:	103090	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-002226	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201802-264	date:	2020-10-22T00:00:00
db:	NVD	id:	CVE-2018-0140	date:	2024-11-21T03:37:35.953

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-05311	date:	2018-03-15T00:00:00
db:	VULHUB	id:	VHN-118342	date:	2018-02-08T00:00:00
db:	BID	id:	103090	date:	2018-02-07T00:00:00
db:	JVNDB	id:	JVNDB-2018-002226	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201802-264	date:	2018-02-09T00:00:00
db:	NVD	id:	CVE-2018-0140	date:	2018-02-08T07:29:01.053