Lucene search

CiscoCVE-2018-0386

HistoryAug 15, 2018 - 8:29 p.m.

CVE-2018-0386

2018-08-1520:29:00

CWE-79

cisco

web.nvd.nist.gov

cve-2018-0386

cisco

unified communications

domain manager software

xss

cross-site scripting

vulnerability

nvd

security

cisco bug ids

cscvh49694

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.6%

JSON

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694.

Affected configurations

Nvd

Node

ciscohosted_collaboration_solutionMatch11.5\(1\)

ciscounified_communications_domain_managerMatch-

VendorProductVersionCPE
ciscohosted_collaboration_solution11.5(1)cpe:2.3:a:cisco:hosted_collaboration_solution:11.5\(1\):*:*:*:*:*:*:*
ciscounified_communications_domain_manager-cpe:2.3:a:cisco:unified_communications_domain_manager:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	hosted_collaboration_solution	11.5(1)	cpe:2.3:a:cisco:hosted_collaboration_solution:11.5\(1\):::::::*
cisco	unified_communications_domain_manager	-	cpe:2.3:a:cisco:unified_communications_domain_manager:-:::::::*

CNA Affected

[
  {
    "product": "Unified Communications Domain Manager Software",
    "vendor": "Cisco Systems, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "unspecified"
      }
    ]
  }
]

References

www.securityfocus.com/bid/105113

www.securitytracker.com/id/1041537

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-cucdm-xss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.6%

JSON

Related for CVE-2018-0386