Details of VAR-201802-0691

ID

VAR-201802-0691

CVE

CVE-2018-0205

TITLE

Cisco Prime Collaboration Provisioning Tool Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-002244

DESCRIPTION

A vulnerability in the User Provisioning tab in the Cisco Prime Collaboration Provisioning Tool could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to improper input validation. An attacker could exploit this vulnerability by placing a malicious string in the Prime Collaboration Provisioning database. A successful exploit could allow the attacker to access Cisco Prime Collaboration Provisioning by injecting crafted data into the database. Cisco Bug IDs: CSCvd86609. Vendors have confirmed this vulnerability Bug ID CSCvd86609 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The tool provides IP communications services capabilities for IP telephony, voice mail, and unified communications environments. The User Provisioning tab is one of the user provisioning tabs

Trust: 1.98

sources: NVD: CVE-2018-0205 // JVNDB: JVNDB-2018-002244 // BID: 103145 // VULHUB: VHN-118407

AFFECTED PRODUCTS

vendor:	cisco	model:	prime collaboration provisioning	scope:	eq	version:	12.1	Trust: 1.9
vendor:	cisco	model:	prime collaboration provisioning	scope:	-	version:	-	Trust: 0.8

sources: BID: 103145 // JVNDB: JVNDB-2018-002244 // CNNVD: CNNVD-201802-430 // NVD: CVE-2018-0205

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0205
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0205
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201802-430
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118407
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0205
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118407
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0205
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118407 // JVNDB: JVNDB-2018-002244 // CNNVD: CNNVD-201802-430 // NVD: CVE-2018-0205

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-118407 // JVNDB: JVNDB-2018-002244 // NVD: CVE-2018-0205

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201802-430

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201802-430

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-002244

PATCH

title:	cisco-sa-20180221-pcpt1	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180221-pcpt1	Trust: 0.8
title:	Cisco Prime Collaboration Provisioning Tool User Provisioning tab Cross-site scripting vulnerability Repair measures	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=78509	Trust: 0.6

sources: JVNDB: JVNDB-2018-002244 // CNNVD: CNNVD-201802-430

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0205	Trust: 2.8
db:	BID	id:	103145	Trust: 2.0
db:	SECTRACK	id:	1040409	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-002244	Trust: 0.8
db:	CNNVD	id:	CNNVD-201802-430	Trust: 0.7
db:	VULHUB	id:	VHN-118407	Trust: 0.1

sources: VULHUB: VHN-118407 // BID: 103145 // JVNDB: JVNDB-2018-002244 // CNNVD: CNNVD-201802-430 // NVD: CVE-2018-0205

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180221-pcpt1	Trust: 2.0
url:	http://www.securityfocus.com/bid/103145	Trust: 1.7
url:	http://www.securitytracker.com/id/1040409	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0205	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0205	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3
url:	http://www.cisco.com/en/us/products/ps12363/index.html	Trust: 0.3

sources: VULHUB: VHN-118407 // BID: 103145 // JVNDB: JVNDB-2018-002244 // CNNVD: CNNVD-201802-430 // NVD: CVE-2018-0205

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 103145

SOURCES

db:	VULHUB	id:	VHN-118407
db:	BID	id:	103145
db:	JVNDB	id:	JVNDB-2018-002244
db:	CNNVD	id:	CNNVD-201802-430
db:	NVD	id:	CVE-2018-0205

LAST UPDATE DATE

2024-11-23T22:45:26.586000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118407	date:	2019-10-09T00:00:00
db:	BID	id:	103145	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002244	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201802-430	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0205	date:	2024-11-21T03:37:43.697

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118407	date:	2018-02-22T00:00:00
db:	BID	id:	103145	date:	2018-02-21T00:00:00
db:	JVNDB	id:	JVNDB-2018-002244	date:	2018-04-03T00:00:00
db:	CNNVD	id:	CNNVD-201802-430	date:	2018-02-22T00:00:00
db:	NVD	id:	CVE-2018-0205	date:	2018-02-22T00:29:00.877