Unauthorized Access to Email Quarantine in Cisco Content Security Management Appliance (SMA) Software

Unauthorized Access to Email Quarantine in Cisco Content Security Management Appliance (SMA) Software

CVE-2019-12635 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

A vulnerability in the authorization module of Cisco Content Security Management Appliance (SMA) Software could allow an authenticated, remote attacker to gain out-of-scope access to email. The vulnerability exists because the affected software does not correctly implement role permission controls. An attacker could exploit this vulnerability by using a custom role with specific permissions. A successful exploit could allow the attacker to access the spam quarantine of other users.

Learn more about our Cis Benchmark Audit For Cisco.