Lucene search

[email protected]NVD:CVE-2018-0355

HistoryJun 07, 2018 - 9:29 p.m.

CVE-2018-0355

2018-06-0721:29:00

CWE-1021

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

48.9%

JSON

A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761.

Affected configurations

Nvd

Node

ciscounified_communications_managerMatch10.5\(2.10000.5\)

ciscounified_communications_managerMatch11.0\(1.10000.10\)

ciscounified_communications_managerMatch11.5\(1.10000.6\)

ciscounified_communications_managerMatch12.0\(1.10000.10\)

VendorProductVersionCPE
ciscounified_communications_manager10.5(2.10000.5)cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):*:*:*:*:*:*:*
ciscounified_communications_manager11.0(1.10000.10)cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):*:*:*:*:*:*:*
ciscounified_communications_manager11.5(1.10000.6)cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):*:*:*:*:*:*:*
ciscounified_communications_manager12.0(1.10000.10)cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	unified_communications_manager	10.5(2.10000.5)	cpe:2.3:a:cisco:unified_communications_manager:10.5\(2.10000.5\):::::::*
cisco	unified_communications_manager	11.0(1.10000.10)	cpe:2.3:a:cisco:unified_communications_manager:11.0\(1.10000.10\):::::::*
cisco	unified_communications_manager	11.5(1.10000.6)	cpe:2.3:a:cisco:unified_communications_manager:11.5\(1.10000.6\):::::::*
cisco	unified_communications_manager	12.0(1.10000.10)	cpe:2.3:a:cisco:unified_communications_manager:12.0\(1.10000.10\):::::::*

References

www.securityfocus.com/bid/104425

www.securitytracker.com/id/1041068

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

48.9%

JSON

Related for NVD:CVE-2018-0355

cvelist1 prion1 cisco1 cve1