9.8
CVSSv3

CVE-2018-12571

Published: 05/07/2018 Updated: 04/09/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

uniquesig0/InternalSite/InitParams.aspx in Microsoft Forefront Unified Access Gateway 2010 allows remote malicious users to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

microsoft forefront unified access gateway 2010

Exploits

Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list of URLs in the orig_url parameter, possibly causing a traffic amplification and/or SSRF outcome ...

Mailing Lists

# Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction # Vendor Homepage: wwwmicrosoftcom/ # Version: 2010 # CVE : CVE-2018-12571 # Proof of Concept #1 Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a comma-separated list o ...
Can this be used to perform DNS exfiltration ? (Assuming the UGW is whitelisted to perform DNS (which it likely must be) _______________________________________________ Sent through the Full Disclosure mailing list nmaporg/mailman/listinfo/fulldisclosure Web Archives & RSS: seclistsorg/fulldisclosure/ ...
# Exploit Title: Microsoft Forefront Unified Access Gateway 2010 External DNS Interaction # Vendor Homepage: wwwmicrosoftcom/ # Version: 2010 # CVE : CVE-2018-12571 # MSRC: Case 39000 # Proof of Concept #1 Microsoft Forefront Unified Access Gateway 2010 allows remote attackers to trigger outbound DNS queries for arbitrary hosts via a com ...