ID

VAR-201805-0511


CVE

CVE-2018-0328


TITLE

Cross-Site Scripting Vulnerability in Cisco Unified Communications Manager and Cisco Unified Presence

Trust: 0.8

sources: JVNDB: JVNDB-2018-005125

DESCRIPTION

A vulnerability in the web framework of Cisco Unified Communications Manager and Cisco Unified Presence could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvg89116. The vendor has confirmed this vulnerability and released it as Bug ID CSCvg89116. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. CUCM is a call processing component in a unified communication system.

Trust: 2.07

sources: NVD: CVE-2018-0328 // JVNDB: JVNDB-2018-005125 // BID: 104200 // VULHUB: VHN-118530 // VULMON: CVE-2018-0328

AFFECTED PRODUCTS

vendor: cisco, model: unified communications manager, scope: eq, version: 12.0(1.10000.10)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.0(1.10000.10)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 10.5(2.10000.5)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: eq, version: 11.5(1.10000.6)

Trust: 1.6

vendor: cisco, model: unified communications manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: unified presence, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: unified communications manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 104200 // JVNDB: JVNDB-2018-005125 // CNNVD: CNNVD-201805-619 // NVD: CVE-2018-0328

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0328
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0328
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-619
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118530
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0328
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0328
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118530
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0328
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118530 // VULMON: CVE-2018-0328 // JVNDB: JVNDB-2018-005125 // CNNVD: CNNVD-201805-619 // NVD: CVE-2018-0328

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-118530 // JVNDB: JVNDB-2018-005125 // NVD: CVE-2018-0328

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-619

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201805-619

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005125

PATCH

title: cisco-sa-20180516-cucm-cup-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-cucm-cup-xss

Trust: 0.8

title: Fix for the input validation vulnerability in Cisco Unified Communications Manager and Cisco Unified Presence, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83544

Trust: 0.6

title: Cisco: Cisco Unified Communications Manager and Cisco Unified Presence Cross-Site Scripting Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180516-cucm-cup-xss

Trust: 0.1

sources: VULMON: CVE-2018-0328 // JVNDB: JVNDB-2018-005125 // CNNVD: CNNVD-201805-619

EXTERNAL IDS

db: NVD, id: CVE-2018-0328

Trust: 2.9

db: BID, id: 104200

Trust: 2.1

db: SECTRACK, id: 1040929

Trust: 1.8

db: SECTRACK, id: 1040928

Trust: 1.8

db: JVNDB, id: JVNDB-2018-005125

Trust: 0.8

db: CNNVD, id: CNNVD-201805-619

Trust: 0.6

db: VULHUB, id: VHN-118530

Trust: 0.1

db: VULMON, id: CVE-2018-0328

Trust: 0.1

sources: VULHUB: VHN-118530 // VULMON: CVE-2018-0328 // BID: 104200 // JVNDB: JVNDB-2018-005125 // CNNVD: CNNVD-201805-619 // NVD: CVE-2018-0328

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-cucm-cup-xss

Trust: 2.2

url:http://www.securityfocus.com/bid/104200

Trust: 1.8

url:http://www.securitytracker.com/id/1040928

Trust: 1.8

url:http://www.securitytracker.com/id/1040929

Trust: 1.8

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0328

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0328

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/79.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-118530 // VULMON: CVE-2018-0328 // BID: 104200 // JVNDB: JVNDB-2018-005125 // CNNVD: CNNVD-201805-619 // NVD: CVE-2018-0328

CREDITS

Dirk Heldner

Trust: 0.3

sources: BID: 104200

SOURCES

db: VULHUB, id: VHN-118530
db: VULMON, id: CVE-2018-0328
db: BID, id: 104200
db: JVNDB, id: JVNDB-2018-005125
db: CNNVD, id: CNNVD-201805-619
db: NVD, id: CVE-2018-0328

LAST UPDATE DATE

2024-11-23T22:12:32.088000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118530, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-0328, date: 2019-10-09T00:00:00
db: BID, id: 104200, date: 2018-05-16T00:00:00
db: JVNDB, id: JVNDB-2018-005125, date: 2018-07-06T00:00:00
db: CNNVD, id: CNNVD-201805-619, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0328, date: 2024-11-21T03:37:59.330

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118530, date: 2018-05-17T00:00:00
db: VULMON, id: CVE-2018-0328, date: 2018-05-17T00:00:00
db: BID, id: 104200, date: 2018-05-16T00:00:00
db: JVNDB, id: JVNDB-2018-005125, date: 2018-07-06T00:00:00
db: CNNVD, id: CNNVD-201805-619, date: 2018-05-18T00:00:00
db: NVD, id: CVE-2018-0328, date: 2018-05-17T03:29:00.950