CVE-2019-12706

MEDIUM Year: 2019
CVSS v3 Score
6.5
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-20
View all →

Vulnerability Description

A vulnerability in the Sender Policy Framework (SPF) functionality of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass the configured user filters on an affected device. The vulnerability exists because the affected software insufficiently validates certain incoming SPF messages. An attacker could exploit this vulnerability by sending a custom SPF packet to an affected device. A successful exploit could allow the attacker to bypass the configured header filters, which could allow malicious content to pass through the device.

Related Vulnerabilities

CVE-2009-5004

MEDIUM
CVSS:6.5(Medium)

qpid-cpp 1.0 crashes when a large message is sent and the Digest-MD5 mechanism with a security layer is in use .

CWE-202009

CVE-2010-2449

MEDIUM
CVSS:6.5(Medium)

Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.

CWE-202010

CVE-2010-2473

MEDIUM
CVSS:6.5(Medium)

Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal si...

CWE-202010

CVE-2010-2490

MEDIUM
CVSS:6.5(Medium)

Mumble: murmur-server has DoS due to malformed client query

CWE-202010

CVE-2010-3050

MEDIUM
CVSS:6.5(Medium)

Cisco IOS before 12.2(33)SXI allows remote authenticated users to cause a denial of service (device reboot).

CWE-202010

CVE-2010-3439

MEDIUM
CVSS:6.5(Medium)

It is possible to cause a DoS condition by causing the server to crash in alien-arena 7.33 by supplying various invalid parameters to the download command.

CWE-202010