ID

VAR-201802-0921


CVE

CVE-2018-6288


TITLE

Kaspersky Secure Mail Gateway vulnerable to cross-site request forgery

Trust: 0.8

sources: JVNDB: JVNDB-2018-001953

DESCRIPTION

A cross-site request forgery vulnerability in Kaspersky Secure Mail Gateway version 1.1 can lead to administrative account takeover. Kaspersky Secure Mail Gateway is an email security solution from Kaspersky Lab in Russia. The program can automatically filter spam, phishing websites and various malicious attachments. A remote attacker could exploit this vulnerability to take control of an administrator account.

Trust: 1.71

sources: NVD: CVE-2018-6288 // JVNDB: JVNDB-2018-001953 // VULHUB: VHN-136320

AFFECTED PRODUCTS

vendor: kaspersky, model: secure mail gateway, scope: eq, version: 1.1

Trust: 2.4

sources: JVNDB: JVNDB-2018-001953 // CNNVD: CNNVD-201802-176 // NVD: CVE-2018-6288

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6288
value: HIGH

Trust: 1.0

NVD: CVE-2018-6288
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201802-176
value: MEDIUM

Trust: 0.6

VULHUB: VHN-136320
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-6288
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-136320
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6288
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-136320 // JVNDB: JVNDB-2018-001953 // CNNVD: CNNVD-201802-176 // NVD: CVE-2018-6288

PROBLEMTYPE DATA

problemtype:CWE-352

Trust: 1.9

sources: VULHUB: VHN-136320 // JVNDB: JVNDB-2018-001953 // NVD: CVE-2018-6288

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-176

TYPE

cross-site request forgery

Trust: 0.6

sources: CNNVD: CNNVD-201802-176

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001953

PATCH

title: Advisory issued on 1st February, 2018
url: https://support.kaspersky.com/vulnerability.aspx?el=12430#010218

Trust: 0.8

title: Kaspersky Secure Mail Gateway Fixes for cross-site request forgery vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78307

Trust: 0.6

sources: JVNDB: JVNDB-2018-001953 // CNNVD: CNNVD-201802-176

EXTERNAL IDS

db: NVD, id: CVE-2018-6288

Trust: 2.5

db: JVNDB, id: JVNDB-2018-001953

Trust: 0.8

db: CNNVD, id: CNNVD-201802-176

Trust: 0.6

db: VULHUB, id: VHN-136320

Trust: 0.1

sources: VULHUB: VHN-136320 // JVNDB: JVNDB-2018-001953 // CNNVD: CNNVD-201802-176 // NVD: CVE-2018-6288

REFERENCES

url: https://support.kaspersky.com/vulnerability.aspx?el=12430#010218

Trust: 1.7

url: https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities

Trust: 1.1

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6288

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-6288

Trust: 0.8

sources: VULHUB: VHN-136320 // JVNDB: JVNDB-2018-001953 // CNNVD: CNNVD-201802-176 // NVD: CVE-2018-6288

SOURCES

db: VULHUB, id: VHN-136320
db: JVNDB, id: JVNDB-2018-001953
db: CNNVD, id: CNNVD-201802-176
db: NVD, id: CVE-2018-6288

LAST UPDATE DATE

2024-11-23T22:34:20.327000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-136320, date: 2018-03-01T00:00:00
db: JVNDB, id: JVNDB-2018-001953, date: 2018-03-16T00:00:00
db: CNNVD, id: CNNVD-201802-176, date: 2018-02-07T00:00:00
db: NVD, id: CVE-2018-6288, date: 2024-11-21T04:10:24.990

SOURCES RELEASE DATE

db: VULHUB, id: VHN-136320, date: 2018-02-06T00:00:00
db: JVNDB, id: JVNDB-2018-001953, date: 2018-03-16T00:00:00
db: CNNVD, id: CNNVD-201802-176, date: 2018-02-07T00:00:00
db: NVD, id: CVE-2018-6288, date: 2018-02-06T15:29:00.377