CVE-2018-0203

Severity Score

5.3

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the SMTP relay of Cisco Unity Connection could allow an unauthenticated, remote attacker to send unsolicited email messages, aka a Mail Relay Vulnerability. The vulnerability is due to improper handling of domain information in the affected software. An unauthenticated, remote attacker could exploit this vulnerability by sending crafted requests to the targeted application. A successful exploit could allow the attacker to send email messages to arbitrary addresses. Cisco Bug IDs: CSCvg62215.

Una vulnerabilidad en el relay SMTP de Cisco Unity Connection podría permitir que un atacante remoto no autenticado envíe correos electrónicos no solicitados. Esto también se conoce como "Mail Relay Vulnerability". Esta vulnerabilidad se debe a la gestión inadecuada de la información de dominio en el software afectado. Un atacante remoto no autenticado podría explotar esta vulnerabilidad enviando peticiones manipuladas a la aplicación objetivo. Esta vulnerabilidad podría permitir que el atacante envíe mensajes de correo electrónico a direcciones arbitrarias. Cisco Bug IDs: CSCvg62215.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-02-22 CVE Published
2023-08-24 EPSS Updated
2024-08-05 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-19: Data Processing Errors

CAPEC

References (3)

URL	Tag	Source
http://www.securityfocus.com/bid/103142	Third Party Advisory
http://www.securitytracker.com/id/1040413	Third Party Advisory

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-cuc	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"		Unity Connection Search vendor "Cisco" for product "Unity Connection"				-		-		Affected