ID

VAR-201801-1049


CVE

CVE-2018-0098


TITLE

Cisco WAP150 and WAP361 Wireless-AC/N Dual wireless access point cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-001623

DESCRIPTION

A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCve57076. Cisco WAP150 and WAP361 Wireless-AC/N Dual wireless access points are vulnerable to cross-site scripting. The vendor has released this vulnerability as Bug ID CSCve57076. Information may be obtained and information may be altered. The vulnerability stems from the failure of the program to adequately validate user-submitted data. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 2.52

sources: NVD: CVE-2018-0098 // JVNDB: JVNDB-2018-001623 // CNVD: CNVD-2018-02364 // BID: 102763 // VULHUB: VHN-118300

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-02364

AFFECTED PRODUCTS

vendor: cisco, model: wap150, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: wap361, scope: eq, version: -

Trust: 1.6

vendor: cisco, model: wap150, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wap361, scope: -, version: -

Trust: 0.8

vendor: cisco, model: wap150 wireless-ac/n, scope: -, version: -

Trust: 0.6

vendor: cisco, model: wap361 wireless-ac/n, scope: -, version: -

Trust: 0.6

vendor: cisco, model: wap361 wireless, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: wap150 wireless, scope: eq, version: 0

Trust: 0.3

sources: CNVD: CNVD-2018-02364 // BID: 102763 // JVNDB: JVNDB-2018-001623 // CNNVD: CNNVD-201801-621 // NVD: CVE-2018-0098

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0098
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0098
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-02364
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201801-621
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118300
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0098
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-02364
severity: MEDIUM
baseScore: 5.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-118300
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0098
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-02364 // VULHUB: VHN-118300 // JVNDB: JVNDB-2018-001623 // CNNVD: CNNVD-201801-621 // NVD: CVE-2018-0098

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-118300 // JVNDB: JVNDB-2018-001623 // NVD: CVE-2018-0098

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201801-621

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201801-621

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-001623

PATCH

title: cisco-sa-20180117-wap, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180117-wap

Trust: 0.8

title: Patch for Cisco WAP150 Cross-Site Scripting Vulnerability, url: https://www.cnvd.org.cn/patchInfo/show/115075

Trust: 0.6

title: Cisco WAP150 Wireless-AC/N Dual Radio Access Point and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77801

Trust: 0.6

sources: CNVD: CNVD-2018-02364 // JVNDB: JVNDB-2018-001623 // CNNVD: CNNVD-201801-621

EXTERNAL IDS

db: NVD, id: CVE-2018-0098

Trust: 3.4

db: BID, id: 102763

Trust: 2.0

db: JVNDB, id: JVNDB-2018-001623

Trust: 0.8

db: CNNVD, id: CNNVD-201801-621

Trust: 0.7

db: CNVD, id: CNVD-2018-02364

Trust: 0.6

db: VULHUB, id: VHN-118300

Trust: 0.1

sources: CNVD: CNVD-2018-02364 // VULHUB: VHN-118300 // BID: 102763 // JVNDB: JVNDB-2018-001623 // CNNVD: CNNVD-201801-621 // NVD: CVE-2018-0098

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180117-wap

Trust: 2.6

url:http://www.securityfocus.com/bid/102763

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0098

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0098

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: CNVD: CNVD-2018-02364 // VULHUB: VHN-118300 // BID: 102763 // JVNDB: JVNDB-2018-001623 // CNNVD: CNNVD-201801-621 // NVD: CVE-2018-0098

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 102763

SOURCES

db: CNVD, id: CNVD-2018-02364
db: VULHUB, id: VHN-118300
db: BID, id: 102763
db: JVNDB, id: JVNDB-2018-001623
db: CNNVD, id: CNNVD-201801-621
db: NVD, id: CVE-2018-0098

LAST UPDATE DATE

2024-11-23T22:00:46.257000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2018-02364, date: 2018-01-31T00:00:00
db: VULHUB, id: VHN-118300, date: 2019-10-09T00:00:00
db: BID, id: 102763, date: 2018-01-17T00:00:00
db: JVNDB, id: JVNDB-2018-001623, date: 2018-02-27T00:00:00
db: CNNVD, id: CNNVD-201801-621, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0098, date: 2024-11-21T03:37:30.993

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2018-02364, date: 2018-01-31T00:00:00
db: VULHUB, id: VHN-118300, date: 2018-01-18T00:00:00
db: BID, id: 102763, date: 2018-01-17T00:00:00
db: JVNDB, id: JVNDB-2018-001623, date: 2018-02-27T00:00:00
db: CNNVD, id: CNNVD-201801-621, date: 2018-01-22T00:00:00
db: NVD, id: CVE-2018-0098, date: 2018-01-18T06:29:00.940