Sign-up

ID

VAR-201802-0922


CVE

CVE-2018-6289


TITLE

Kaspersky Secure Mail Gateway Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001818

DESCRIPTION

Configuration file injection leading to Code Execution as Root in Kaspersky Secure Mail Gateway version 1.1. Kaspersky Secure Mail Gateway Contains an injection vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Kaspersky Secure Mail Gateway is an email security solution from Kaspersky Lab in Russia. The program can automatically filter spam, phishing websites and various malicious attachments

Trust: 1.8

sources: NVD: CVE-2018-6289 // JVNDB: JVNDB-2018-001818 // VULHUB: VHN-136321 // VULMON: CVE-2018-6289

AFFECTED PRODUCTS

vendor:kasperskymodel:secure mail gatewayscope:eqversion:1.1

Trust: 2.4

sources: JVNDB: JVNDB-2018-001818 // CNNVD: CNNVD-201802-175 // NVD: CVE-2018-6289

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-6289
value: CRITICAL

Trust: 1.0

NVD: CVE-2018-6289
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201802-175
value: CRITICAL

Trust: 0.6

VULHUB: VHN-136321
value: HIGH

Trust: 0.1

VULMON: CVE-2018-6289
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-6289
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-136321
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-6289
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-136321 // VULMON: CVE-2018-6289 // JVNDB: JVNDB-2018-001818 // CNNVD: CNNVD-201802-175 // NVD: CVE-2018-6289

PROBLEMTYPE DATA

problemtype:CWE-74

Trust: 1.9

sources: VULHUB: VHN-136321 // JVNDB: JVNDB-2018-001818 // NVD: CVE-2018-6289

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-175

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201802-175

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-001818

PATCH
title:Advisory issued on 1st February, 2018url:https://support.kaspersky.com/vulnerability.aspx?el=12430#010218
Trust: 0.8
title:Kaspersky Secure Mail Gateway Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78306
Trust: 0.6
title:lean0x2f.github.iourl:https://github.com/lean0x2F/lean0x2f.github.io 
Trust: 0.1
sources:
            
            
            VULMON: CVE-2018-6289 // 
            
            
            
            JVNDB: JVNDB-2018-001818 // 
            
            
            
            CNNVD: CNNVD-201802-175

EXTERNAL IDS
db:NVDid:CVE-2018-6289
Trust: 2.6
db:JVNDBid:JVNDB-2018-001818
Trust: 0.8
db:CNNVDid:CNNVD-201802-175
Trust: 0.6
db:VULHUBid:VHN-136321
Trust: 0.1
db:VULMONid:CVE-2018-6289
Trust: 0.1
sources:
            
            
            VULHUB: VHN-136321 // 
            
            
            
            VULMON: CVE-2018-6289 // 
            
            
            
            JVNDB: JVNDB-2018-001818 // 
            
            
            
            CNNVD: CNNVD-201802-175 // 
            
            
            
            NVD: CVE-2018-6289

REFERENCES
url:https://support.kaspersky.com/vulnerability.aspx?el=12430#010218
Trust: 1.8
url:https://www.coresecurity.com/advisories/kaspersky-secure-mail-gateway-multiple-vulnerabilities
Trust: 1.2
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-6289
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-6289
Trust: 0.8
url:https://cwe.mitre.org/data/definitions/74.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://github.com/lean0x2f/lean0x2f.github.io
Trust: 0.1
sources:
            
            
            VULHUB: VHN-136321 // 
            
            
            
            VULMON: CVE-2018-6289 // 
            
            
            
            JVNDB: JVNDB-2018-001818 // 
            
            
            
            CNNVD: CNNVD-201802-175 // 
            
            
            
            NVD: CVE-2018-6289

SOURCES
db:VULHUBid:VHN-136321
db:VULMONid:CVE-2018-6289
db:JVNDBid:JVNDB-2018-001818
db:CNNVDid:CNNVD-201802-175
db:NVDid:CVE-2018-6289

LAST UPDATE DATE
2024-11-23T22:45:26.410000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-136321date:2018-02-23T00:00:00
db:VULMONid:CVE-2018-6289date:2018-02-23T00:00:00
db:JVNDBid:JVNDB-2018-001818date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-175date:2018-02-07T00:00:00
db:NVDid:CVE-2018-6289date:2024-11-21T04:10:25.103

SOURCES RELEASE DATE
db:VULHUBid:VHN-136321date:2018-02-06T00:00:00
db:VULMONid:CVE-2018-6289date:2018-02-06T00:00:00
db:JVNDBid:JVNDB-2018-001818date:2018-03-09T00:00:00
db:CNNVDid:CNNVD-201802-175date:2018-02-07T00:00:00
db:NVDid:CVE-2018-6289date:2018-02-06T15:29:00.437