CVE-2015-4322

Severity

55%

Complexity

80%

Confidentiality

81%

Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.

Cisco Content Security Management Appliance (SMA) 8.3.6-039, 9.1.0-31, and 9.1.0-103 improperly restricts the privileges available after LDAP authentication, which allows remote authenticated users to read or write to an arbitrary user's Spam Quarantine folder by visiting a spam-notification URL, aka Bug ID CSCuv65894.

CVSS 2.0 Base Score 5.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:S/C:P/I:P/A:N).

Overview

Type

Cisco Content Security Management Appliance

First reported 9 years ago

2015-08-19 15:59:00

Last updated 7 years ago

2017-09-20 01:29:00

Affected Software

Cisco Content Security Management Appliance 8.3.6-039

8.3.6-039

Cisco Content Security Management Appliance 9.0.0-31

9.1.0-31

Cisco Content Security Management Appliance 9.1.0-103

9.1.0-103

References

20150814 Cisco Security Mail Appliance Email Spam Quarantine Privilege Escalation Vulnerability

Vendor Advisory

76365

1033322

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.