ID

VAR-201802-0686


CVE

CVE-2018-0199


TITLE

Cross-site scripting vulnerability in Cisco Jabber Client Framework

Trust: 0.8

sources: JVNDB: JVNDB-2018-002191

DESCRIPTION

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of script in attributes in a web page. An attacker could exploit this vulnerability by executing arbitrary JavaScript in the Jabber client of the recipient. An exploit could allow the attacker to perform remote code execution. Cisco Bug IDs: CSCve53989. The vendor has confirmed this vulnerability and released it as Bug ID CSCve53989. Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The framework provides online status display, instant messaging, voice and other functions.

Trust: 1.98

sources: NVD: CVE-2018-0199 // JVNDB: JVNDB-2018-002191 // BID: 103143 // VULHUB: VHN-118401

AFFECTED PRODUCTS

vendor: cisco // model: jabber // scope: eq // version: 11.9\(0\)

Trust: 1.6

vendor: cisco // model: jabber // scope: eq // version: -

Trust: 1.6

vendor: cisco // model: jabber // scope: eq // version: 11.9

Trust: 1.6

vendor: cisco // model: jabber // scope: - // version: -

Trust: 0.8

vendor: cisco // model: jabber for windows // scope: eq // version: 11.9(0)

Trust: 0.3

vendor: cisco // model: jabber for mac // scope: eq // version: 0

Trust: 0.3

sources: BID: 103143 // JVNDB: JVNDB-2018-002191 // CNNVD: CNNVD-201802-435 // NVD: CVE-2018-0199

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0199
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0199
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201802-435
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118401
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0199
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118401
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0199
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118401 // JVNDB: JVNDB-2018-002191 // CNNVD: CNNVD-201802-435 // NVD: CVE-2018-0199

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-118401 // JVNDB: JVNDB-2018-002191 // NVD: CVE-2018-0199

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-435

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201802-435

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002191

PATCH

title: cisco-sa-20180221-jcf // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf

Trust: 0.8

title: Cisco Jabber Client Framework fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78514

Trust: 0.6

sources: JVNDB: JVNDB-2018-002191 // CNNVD: CNNVD-201802-435

EXTERNAL IDS

db: NVD // id: CVE-2018-0199

Trust: 2.8

db: BID // id: 103143

Trust: 2.0

db: SECTRACK // id: 1040407

Trust: 1.7

db: JVNDB // id: JVNDB-2018-002191

Trust: 0.8

db: CNNVD // id: CNNVD-201802-435

Trust: 0.7

db: VULHUB // id: VHN-118401

Trust: 0.1

sources: VULHUB: VHN-118401 // BID: 103143 // JVNDB: JVNDB-2018-002191 // CNNVD: CNNVD-201802-435 // NVD: CVE-2018-0199

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180221-jcf

Trust: 2.0

url:http://www.securityfocus.com/bid/103143

Trust: 1.7

url:http://www.securitytracker.com/id/1040407

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0199

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0199

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118401 // BID: 103143 // JVNDB: JVNDB-2018-002191 // CNNVD: CNNVD-201802-435 // NVD: CVE-2018-0199

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103143

SOURCES

db: VULHUB // id: VHN-118401
db: BID // id: 103143
db: JVNDB // id: JVNDB-2018-002191
db: CNNVD // id: CNNVD-201802-435
db: NVD // id: CVE-2018-0199

LAST UPDATE DATE

2024-11-23T22:00:41.291000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118401 // date: 2019-10-09T00:00:00
db: BID // id: 103143 // date: 2018-02-21T00:00:00
db: JVNDB // id: JVNDB-2018-002191 // date: 2018-03-30T00:00:00
db: CNNVD // id: CNNVD-201802-435 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0199 // date: 2024-11-21T03:37:42.903

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118401 // date: 2018-02-22T00:00:00
db: BID // id: 103143 // date: 2018-02-21T00:00:00
db: JVNDB // id: JVNDB-2018-002191 // date: 2018-03-30T00:00:00
db: CNNVD // id: CNNVD-201802-435 // date: 2018-02-22T00:00:00
db: NVD // id: CVE-2018-0199 // date: 2018-02-22T00:29:00.597