VDB
CVE-2018-0447
CVE-2018-0447
PUBLISHED
CVSS 5 MEDIUM
A vulnerability in the anti-spam protection mechanisms of Cisco AsyncOS Software for the Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass certain content filters on an affected device. The vulnerability is due to incomplete input and validation checking mechanisms for certain Sender Policy Framework (SPF) messages that are sent to an affected device. An attacker could exploit this vulnerability by sending a customized SPF packet to an affected device. If successful, an exploit could allow the attacker to bypass the URL filters that are configured for the affected device, which could allow malicious URLs to pass through the device.
EPSS 0.24% · 47.7th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.24%
47.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | email_security_appliance | |
| Cisco | Cisco Email Security Appliance (ESA) | * |
Exploit Intelligence
- 105300 (circl)
- 1041687 (circl)
- 20180905 Cisco Email Security Appliance URL Filtering Bypass Vulnerability (circl)
Timeline
- Sep 5, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score