Details of VAR-201802-0688

ID

VAR-201802-0688

CVE

CVE-2018-0201

TITLE

Cisco Jabber Client Framework Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-002243

DESCRIPTION

A vulnerability in Cisco Jabber Client Framework (JCF) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of an affected device. The vulnerability is due to improper neutralization of input during web page generation. An attacker could exploit this vulnerability by embedding media in instant messages. An exploit could allow the attacker to cause the recipient chat client to make outbound requests. Cisco Bug IDs: CSCve54001. Vendors have confirmed this vulnerability Bug ID CSCve54001 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. The framework provides online status display, instant messaging, voice and other functions

Trust: 1.98

sources: NVD: CVE-2018-0201 // JVNDB: JVNDB-2018-002243 // BID: 103133 // VULHUB: VHN-118403

AFFECTED PRODUCTS

vendor:	cisco	model:	jabber	scope:	eq	version:	11.9\(.0\)	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	11.9	Trust: 1.6
vendor:	cisco	model:	jabber	scope:	eq	version:	client framework	Trust: 0.8
vendor:	cisco	model:	jabber for windows	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	jabber for mac	scope:	eq	version:	0	Trust: 0.3

sources: BID: 103133 // JVNDB: JVNDB-2018-002243 // CNNVD: CNNVD-201802-433 // NVD: CVE-2018-0201

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0201
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0201
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201802-433
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118403
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-0201
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118403
severity:	LOW
baseScore:	3.5
vectorString:	AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	SINGLE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	6.8
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0201
baseSeverity:	MEDIUM
baseScore:	5.4
vectorString:	CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.3
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118403 // JVNDB: JVNDB-2018-002243 // CNNVD: CNNVD-201802-433 // NVD: CVE-2018-0201

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-118403 // JVNDB: JVNDB-2018-002243 // NVD: CVE-2018-0201

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-433

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201802-433

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002243

PATCH

title:	cisco-sa-20180221-jcf1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-jcf1	Trust: 0.8
title:	Cisco Jabber Client Framework Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78512	Trust: 0.6

sources: JVNDB: JVNDB-2018-002243 // CNNVD: CNNVD-201802-433

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0201	Trust: 2.8
db:	BID	id:	103133	Trust: 2.0
db:	SECTRACK	id:	1040406	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-002243	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-433	Trust: 0.7
db:	VULHUB	id:	VHN-118403	Trust: 0.1

sources: VULHUB: VHN-118403 // BID: 103133 // JVNDB: JVNDB-2018-002243 // CNNVD: CNNVD-201802-433 // NVD: CVE-2018-0201

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180221-jcf1	Trust: 2.0
url:	http://www.securityfocus.com/bid/103133	Trust: 1.7
url:	http://www.securitytracker.com/id/1040406	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0201	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0201	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118403 // BID: 103133 // JVNDB: JVNDB-2018-002243 // CNNVD: CNNVD-201802-433 // NVD: CVE-2018-0201

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103133

SOURCES

db:	VULHUB	id:	VHN-118403
db:	BID	id:	103133
db:	JVNDB	id:	JVNDB-2018-002243
db:	CNNVD	id:	CNNVD-201802-433
db:	NVD	id:	CVE-2018-0201

LAST UPDATE DATE

2024-11-23T22:38:16.350000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118403	date:	2019-10-09T00:00:00
db:	BID	id:	103133	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002243	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201802-433	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0201	date:	2024-11-21T03:37:43.163

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118403	date:	2018-02-22T00:00:00
db:	BID	id:	103133	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002243	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201802-433	date:	2018-02-23T00:00:00
db:	NVD	id:	CVE-2018-0201	date:	2018-02-22T00:29:00.687