ID

VAR-201805-0510


CVE

CVE-2018-0327


TITLE

Cisco Identity Services Engine vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-005124

DESCRIPTION

A vulnerability in the web framework of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg86743. Vendors have confirmed this vulnerability and released it as Bug ID CSCvg86743. Information may be obtained and information may be altered. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. The ISE platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2018-0327 // JVNDB: JVNDB-2018-005124 // BID: 104194 // VULHUB: VHN-118529

AFFECTED PRODUCTS

vendor: cisco, model: identity services engine software, scope: eq, version: 2.1(0.905)

Trust: 1.6

vendor: cisco, model: identity services engine software, scope: -, version: -

Trust: 0.8

vendor: cisco, model: identity services engine, scope: eq, version: 0

Trust: 0.3

sources: BID: 104194 // JVNDB: JVNDB-2018-005124 // CNNVD: CNNVD-201805-620 // NVD: CVE-2018-0327

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0327
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0327
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-620
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118529
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0327
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118529
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0327
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118529 // JVNDB: JVNDB-2018-005124 // CNNVD: CNNVD-201805-620 // NVD: CVE-2018-0327

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-118529 // JVNDB: JVNDB-2018-005124 // NVD: CVE-2018-0327

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-620

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201805-620

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005124

PATCH

title: cisco-sa-20180516-ident-se-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ident-se-xss

Trust: 0.8

title: Cisco Identity Services Engine Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83545

Trust: 0.6

sources: JVNDB: JVNDB-2018-005124 // CNNVD: CNNVD-201805-620

EXTERNAL IDS

db: NVD, id: CVE-2018-0327

Trust: 2.8

db: BID, id: 104194

Trust: 2.0

db: SECTRACK, id: 1040926

Trust: 1.7

db: JVNDB, id: JVNDB-2018-005124

Trust: 0.8

db: CNNVD, id: CNNVD-201805-620

Trust: 0.6

db: VULHUB, id: VHN-118529

Trust: 0.1

sources: VULHUB: VHN-118529 // BID: 104194 // JVNDB: JVNDB-2018-005124 // CNNVD: CNNVD-201805-620 // NVD: CVE-2018-0327

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-ident-se-xss

Trust: 2.0

url:http://www.securityfocus.com/bid/104194

Trust: 1.7

url:http://www.securitytracker.com/id/1040926

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0327

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0327

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118529 // BID: 104194 // JVNDB: JVNDB-2018-005124 // CNNVD: CNNVD-201805-620 // NVD: CVE-2018-0327

CREDITS

Cisco

Trust: 0.3

sources: BID: 104194

SOURCES

db: VULHUB, id: VHN-118529
db: BID, id: 104194
db: JVNDB, id: JVNDB-2018-005124
db: CNNVD, id: CNNVD-201805-620
db: NVD, id: CVE-2018-0327

LAST UPDATE DATE

2024-11-23T22:38:12.977000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118529, date: 2019-10-09T00:00:00
db: BID, id: 104194, date: 2018-05-16T00:00:00
db: JVNDB, id: JVNDB-2018-005124, date: 2018-07-06T00:00:00
db: CNNVD, id: CNNVD-201805-620, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0327, date: 2024-11-21T03:37:59.183

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118529, date: 2018-05-17T00:00:00
db: BID, id: 104194, date: 2018-05-16T00:00:00
db: JVNDB, id: JVNDB-2018-005124, date: 2018-07-06T00:00:00
db: CNNVD, id: CNNVD-201805-620, date: 2018-05-18T00:00:00
db: NVD, id: CVE-2018-0327, date: 2018-05-17T03:29:00.903