ID

VAR-201803-1609


CVE

CVE-2018-0190


TITLE

Cisco IOS XE Software cross-site scripting vulnerability

Trust: 1.4

sources: JVNDB: JVNDB-2018-003435 // CNNVD: CNNVD-201803-1006

DESCRIPTION

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022. Vendors have confirmed this vulnerability as Bug IDs CSCuz38591, CSCvb09530, and CSCvb10022. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Trust: 1.98

sources: NVD: CVE-2018-0190 // JVNDB: JVNDB-2018-003435 // BID: 103551 // VULHUB: VHN-118392

AFFECTED PRODUCTS

vendor: cisco, model: ios xe, scope: lt, version: 16.3.6

Trust: 1.0

vendor: cisco, model: ios xe, scope: -, version: -

Trust: 0.8

vendor: cisco, model: ios xe, scope: eq, version: 2.1.2

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 2.1.1

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 2.3.0t

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 2.2.3

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 2.2.1

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 2.1.0

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 2.3.0

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: -

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 2.3.1

Trust: 0.6

vendor: cisco, model: ios xe, scope: eq, version: 2.2.2

Trust: 0.6

vendor: cisco, model: ios xe software, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.2

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.1.2

Trust: 0.3

vendor: cisco, model: ios, scope: eq, version: 16.3(0)

Trust: 0.3

sources: BID: 103551 // JVNDB: JVNDB-2018-003435 // CNNVD: CNNVD-201803-1006 // NVD: CVE-2018-0190

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0190
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0190
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201803-1006
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118392
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0190
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118392
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0190
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118392 // JVNDB: JVNDB-2018-003435 // CNNVD: CNNVD-201803-1006 // NVD: CVE-2018-0190

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-118392 // JVNDB: JVNDB-2018-003435 // NVD: CVE-2018-0190

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1006

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201803-1006

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003435

PATCH

title: cisco-sa-20180328-webuixss
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-webuixss

Trust: 0.8

title: Cisco IOS XE Software Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=79474

Trust: 0.6

sources: JVNDB: JVNDB-2018-003435 // CNNVD: CNNVD-201803-1006

EXTERNAL IDS

db: NVD, id: CVE-2018-0190

Trust: 2.8

db: BID, id: 103551

Trust: 2.0

db: JVNDB, id: JVNDB-2018-003435

Trust: 0.8

db: CNNVD, id: CNNVD-201803-1006

Trust: 0.7

db: VULHUB, id: VHN-118392

Trust: 0.1

sources: VULHUB: VHN-118392 // BID: 103551 // JVNDB: JVNDB-2018-003435 // CNNVD: CNNVD-201803-1006 // NVD: CVE-2018-0190

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180328-webuixss

Trust: 2.0

url:http://www.securityfocus.com/bid/103551

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0190

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0190

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118392 // BID: 103551 // JVNDB: JVNDB-2018-003435 // CNNVD: CNNVD-201803-1006 // NVD: CVE-2018-0190

CREDITS

Cisco

Trust: 0.3

sources: BID: 103551

SOURCES

db: VULHUB, id: VHN-118392
db: BID, id: 103551
db: JVNDB, id: JVNDB-2018-003435
db: CNNVD, id: CNNVD-201803-1006
db: NVD, id: CVE-2018-0190

LAST UPDATE DATE

2024-11-23T21:53:19.892000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118392, date: 2019-10-09T00:00:00
db: BID, id: 103551, date: 2018-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-003435, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201803-1006, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0190, date: 2024-11-21T03:37:41.890

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118392, date: 2018-03-28T00:00:00
db: BID, id: 103551, date: 2018-03-28T00:00:00
db: JVNDB, id: JVNDB-2018-003435, date: 2018-05-23T00:00:00
db: CNNVD, id: CNNVD-201803-1006, date: 2018-03-29T00:00:00
db: NVD, id: CVE-2018-0190, date: 2018-03-28T22:29:02.047