CVE-2015-4184

Published: Jun 13, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The anti-spam scanner on Cisco Email Security Appliance (ESA) devices 3.3.1-09, 7.5.1-gpl-022, and 8.5.6-074 allows remote attackers to bypass intended e-mail restrictions via a malformed DNS SPF record, aka Bug IDs CSCuu35853 and CSCuu37733.

Affected (3)

Products: Cisco: Email Security Appliance

Cisco

1 product

Email Security Appliance

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Email Security Appliance	Version 3.331-09
Cisco Email Security Appliance	Version 7.5.1-gpl-022
Cisco Email Security Appliance	Version 8.5.6-074

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (6)

http://tools.cisco.com/security/center/viewAlert.x?alertId=39339

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/75181

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032582

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

http://tools.cisco.com/security/center/viewAlert.x?alertId=39339

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/75181

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id/1032582

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.