Details of VAR-201802-0689

ID

VAR-201802-0689

CVE

CVE-2018-0203

TITLE

Cisco Unity Connection Data processing vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-002342

DESCRIPTION

A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215. Cisco Unity Connection Contains a data processing vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvg62215 It is released as.Information may be tampered with. Attackers can exploit this issue to perform unauthorized actions. This may lead to further attacks. Cisco Unity Connection (UC) is a set of voice message platform of Cisco (Cisco). The platform can use voice commands to make calls or listen to messages "hands-free". SMTP relay is one of the mail relay components. There is a security vulnerability in the SMTP relay in Cisco UC, which is caused by the program not processing domain information correctly

Trust: 1.98

sources: NVD: CVE-2018-0203 // JVNDB: JVNDB-2018-002342 // BID: 103142 // VULHUB: VHN-118405

AFFECTED PRODUCTS

vendor:	cisco	model:	unity connection	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	unity connection	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unity connection	scope:	eq	version:	11.5(1.999)	Trust: 0.3

sources: BID: 103142 // JVNDB: JVNDB-2018-002342 // CNNVD: CNNVD-201802-432 // NVD: CVE-2018-0203

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0203
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0203
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201802-432
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118405
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0203
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118405
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0203
baseSeverity:	MEDIUM
baseScore:	5.3
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	NONE
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118405 // JVNDB: JVNDB-2018-002342 // CNNVD: CNNVD-201802-432 // NVD: CVE-2018-0203

PROBLEMTYPE DATA

problemtype:	CWE-19	Trust: 1.9
problemtype:	NVD-CWE-noinfo	Trust: 1.0

sources: VULHUB: VHN-118405 // JVNDB: JVNDB-2018-002342 // NVD: CVE-2018-0203

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-432

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201802-432

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002342

PATCH

title:	cisco-sa-20180221-cuc	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc	Trust: 0.8
title:	Cisco Unity Connection SMTP relay Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78511	Trust: 0.6

sources: JVNDB: JVNDB-2018-002342 // CNNVD: CNNVD-201802-432

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0203	Trust: 2.8
db:	BID	id:	103142	Trust: 2.0
db:	SECTRACK	id:	1040413	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-002342	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-432	Trust: 0.7
db:	VULHUB	id:	VHN-118405	Trust: 0.1

sources: VULHUB: VHN-118405 // BID: 103142 // JVNDB: JVNDB-2018-002342 // CNNVD: CNNVD-201802-432 // NVD: CVE-2018-0203

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180221-cuc	Trust: 2.0
url:	http://www.securityfocus.com/bid/103142	Trust: 1.7
url:	http://www.securitytracker.com/id/1040413	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0203	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0203	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118405 // BID: 103142 // JVNDB: JVNDB-2018-002342 // CNNVD: CNNVD-201802-432 // NVD: CVE-2018-0203

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103142

SOURCES

db:	VULHUB	id:	VHN-118405
db:	BID	id:	103142
db:	JVNDB	id:	JVNDB-2018-002342
db:	CNNVD	id:	CNNVD-201802-432
db:	NVD	id:	CVE-2018-0203

LAST UPDATE DATE

2024-11-23T22:22:13.402000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118405	date:	2019-10-09T00:00:00
db:	BID	id:	103142	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002342	date:	2018-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201802-432	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0203	date:	2024-11-21T03:37:43.427

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118405	date:	2018-02-22T00:00:00
db:	BID	id:	103142	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002342	date:	2018-04-09T00:00:00
db:	CNNVD	id:	CNNVD-201802-432	date:	2018-02-22T00:00:00
db:	NVD	id:	CVE-2018-0203	date:	2018-02-22T00:29:00.737