CVE-2018-6288

Name of the Vulnerable Software and Affected Versions Kaspersky Secure Mail Gateway version 1.1

Description The issue is related to a lack of CSRF token in web forms, insufficient protection of the web page structure, and inadequate output encoding, which can allow a remote attacker to perform a cross-site request forgery attack, potentially leading to administrative account takeover or gaining root privileges on the affected system. The attacker can exploit this issue by using a specially crafted script or configuration file.

Recommendations For Kaspersky Secure Mail Gateway version 1.1, update to a newer version that includes a fix for this issue. As a temporary workaround, consider disabling access to the web console until a patch is available. Restrict access to the administrative account to minimize the risk of exploitation. Avoid using the vulnerable web forms until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.