Vulnerability Details : CVE-2015-4184
The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.
Vulnerability category: Input validation
Products affected by CVE-2015-4184
- cpe:2.3:h:cisco:email_security_appliance:3.331-09:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:email_security_appliance:7.5.1-gpl-022:*:*:*:*:*:*:*
- cpe:2.3:h:cisco:email_security_appliance:8.5.6-074:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-4184
0.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 47 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-4184
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
NIST |
CWE ids for CVE-2015-4184
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-4184
-
http://www.securitytracker.com/id/1032582
Cisco Email Security Appliance DNS SPF Packet Processing Flaw Lets Remote Users Bypass the Anti-Spam Function - SecurityTrackerThird Party Advisory;VDB Entry
-
http://tools.cisco.com/security/center/viewAlert.x?alertId=39339
Cisco Email Security Appliance Anti-Spam Scanner Bypass VulnerabilityVendor Advisory
-
http://www.securityfocus.com/bid/75181
Cisco Email Security Appliance CVE-2015-4184 Remote Security Bypass VulnerabilityThird Party Advisory;VDB Entry
Jump to