Sign-up

ID

VAR-201805-0524


CVE

CVE-2018-0289


TITLE

Cisco Identity Services Engine Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-005161

DESCRIPTION

A vulnerability in the logs component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of requests stored in logs in the application management interface. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the log files. Cisco Bug IDs: CSCvh11308. Vendors have confirmed this vulnerability Bug ID CSCvh11308 It is released as.Information may be obtained and information may be altered. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. The platform monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies. The logs component is one of the log components

Trust: 1.98

sources: NVD: CVE-2018-0289 // JVNDB: JVNDB-2018-005161 // BID: 104196 // VULHUB: VHN-118491

AFFECTED PRODUCTS

vendor:ciscomodel:identity services engine softwarescope:eqversion:2.3\(0.298\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope:eqversion:2.4\(0.223\)

Trust: 1.6

vendor:ciscomodel:identity services engine softwarescope: - version: -

Trust: 0.8

vendor:ciscomodel:identity services enginescope:eqversion:0

Trust: 0.3

sources: BID: 104196 // JVNDB: JVNDB-2018-005161 // CNNVD: CNNVD-201805-627 // NVD: CVE-2018-0289

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0289
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0289
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-627
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118491
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0289
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118491
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0289
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118491 // JVNDB: JVNDB-2018-005161 // CNNVD: CNNVD-201805-627 // NVD: CVE-2018-0289

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-118491 // JVNDB: JVNDB-2018-005161 // NVD: CVE-2018-0289

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-627

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201805-627

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-005161

PATCH
title:cisco-sa-20180516-ise-xssurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-ise-xss\
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2018-005161

EXTERNAL IDS
db:NVDid:CVE-2018-0289
Trust: 2.8
db:BIDid:104196
Trust: 2.0
db:SECTRACKid:1040925
Trust: 1.7
db:JVNDBid:JVNDB-2018-005161
Trust: 0.8
db:CNNVDid:CNNVD-201805-627
Trust: 0.6
db:VULHUBid:VHN-118491
Trust: 0.1
sources:
            
            
            VULHUB: VHN-118491 // 
            
            
            
            BID: 104196 // 
            
            
            
            JVNDB: JVNDB-2018-005161 // 
            
            
            
            CNNVD: CNNVD-201805-627 // 
            
            
            
            NVD: CVE-2018-0289

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-ise-xss
Trust: 2.0
url:http://www.securityfocus.com/bid/104196
Trust: 1.7
url:http://www.securitytracker.com/id/1040925
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0289
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-0289
Trust: 0.8
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-118491 // 
            
            
            
            BID: 104196 // 
            
            
            
            JVNDB: JVNDB-2018-005161 // 
            
            
            
            CNNVD: CNNVD-201805-627 // 
            
            
            
            NVD: CVE-2018-0289

CREDITS
Cisco
Trust: 0.3
sources:
            
            
            BID: 104196

SOURCES
db:VULHUBid:VHN-118491
db:BIDid:104196
db:JVNDBid:JVNDB-2018-005161
db:CNNVDid:CNNVD-201805-627
db:NVDid:CVE-2018-0289

LAST UPDATE DATE
2024-11-23T23:12:08.200000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-118491date:2019-10-09T00:00:00
db:BIDid:104196date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2018-005161date:2018-07-09T00:00:00
db:CNNVDid:CNNVD-201805-627date:2019-10-17T00:00:00
db:NVDid:CVE-2018-0289date:2024-11-21T03:37:54.280

SOURCES RELEASE DATE
db:VULHUBid:VHN-118491date:2018-05-17T00:00:00
db:BIDid:104196date:2018-05-16T00:00:00
db:JVNDBid:JVNDB-2018-005161date:2018-07-09T00:00:00
db:CNNVDid:CNNVD-201805-627date:2018-05-18T00:00:00
db:NVDid:CVE-2018-0289date:2018-05-17T03:29:00.573