Lucene search

[email protected]NVD:CVE-2018-0328

HistoryMay 17, 2018 - 3:29 a.m.

CVE-2018-0328

2018-05-1703:29:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.6%

JSON

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user’s browser in the context of an affected site. Cisco Bug IDs: CSCvg89116.

Affected configurations

Nvd

Node

ciscounified_communications_managerMatch10.5\(2.10000.5\)

ciscounified_communications_managerMatch11.0\(1.10000.10\)

ciscounified_communications_managerMatch11.5\(1.10000.6\)

ciscounified_communications_managerMatch12.0\(1.10000.10\)

VendorProductVersionCPE
ciscounified_communications_manager10.5(2.10000.5)cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*
ciscounified_communications_manager11.0(1.10000.10)cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:*
ciscounified_communications_manager11.5(1.10000.6)cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
ciscounified_communications_manager12.0(1.10000.10)cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	10.5(2.10000.5)	cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):::::::*
cisco	unified_communications_manager	11.0(1.10000.10)	cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):::::::*
cisco	unified_communications_manager	11.5(1.10000.6)	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):::::::*
cisco	unified_communications_manager	12.0(1.10000.10)	cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):::::::*

References

www.securityfocus.com/bid/104200

www.securitytracker.com/id/1040928

www.securitytracker.com/id/1040929

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

49.6%

JSON

Related for NVD:CVE-2018-0328

cvelist1 cisco1 cve1 prion1