ID

VAR-201806-1020


CVE

CVE-2018-0340


TITLE

Cisco Unified Communications Manager Software cross-site scripting vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-006096

DESCRIPTION

A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. The vulnerability is due to insufficient input validation of certain parameters passed to the web server. An attacker could exploit this vulnerability by convincing the user to access a malicious link or by intercepting the user request and injecting certain malicious code. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected site or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvj00512. The vendor has confirmed this vulnerability and released it as Bug ID CSCvj00512. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This component provides a scalable, distributed and highly available enterprise IP telephony call processing solution.

Trust: 1.98

sources: NVD: CVE-2018-0340 // JVNDB: JVNDB-2018-006096 // BID: 104448 // VULHUB: VHN-118542

AFFECTED PRODUCTS

vendor: cisco // model: unified communications manager // scope: eq // version: 12.0(1.10000.10)

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 11.0(1.10000.10)

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 10.5(2.10000.5)

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: eq // version: 11.5(1.10000.6)

Trust: 1.6

vendor: cisco // model: unified communications manager // scope: - // version: -

Trust: 0.8

vendor: cisco // model: unified communications manager // scope: eq // version: 0

Trust: 0.3

sources: BID: 104448 // JVNDB: JVNDB-2018-006096 // CNNVD: CNNVD-201806-365 // NVD: CVE-2018-0340

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0340
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0340
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201806-365
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118542
value: LOW

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0340
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118542
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0340
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118542 // JVNDB: JVNDB-2018-006096 // CNNVD: CNNVD-201806-365 // NVD: CVE-2018-0340

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-118542 // JVNDB: JVNDB-2018-006096 // NVD: CVE-2018-0340

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-365

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-365

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006096

PATCH

title: cisco-sa-20180606-ucm-xss // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-ucm-xss

Trust: 0.8

title: Cisco Unified Communications Manager Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80720

Trust: 0.6

sources: JVNDB: JVNDB-2018-006096 // CNNVD: CNNVD-201806-365

EXTERNAL IDS

db: NVD // id: CVE-2018-0340

Trust: 2.8

db: BID // id: 104448

Trust: 2.0

db: SECTRACK // id: 1041070

Trust: 1.7

db: JVNDB // id: JVNDB-2018-006096

Trust: 0.8

db: CNNVD // id: CNNVD-201806-365

Trust: 0.7

db: VULHUB // id: VHN-118542

Trust: 0.1

sources: VULHUB: VHN-118542 // BID: 104448 // JVNDB: JVNDB-2018-006096 // CNNVD: CNNVD-201806-365 // NVD: CVE-2018-0340

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-ucm-xss

Trust: 2.0

url:http://www.securityfocus.com/bid/104448

Trust: 1.7

url:http://www.securitytracker.com/id/1041070

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0340

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0340

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

url:http://www.cisco.com/en/us/products/sw/voicesw/ps556/index.html

Trust: 0.3

sources: VULHUB: VHN-118542 // BID: 104448 // JVNDB: JVNDB-2018-006096 // CNNVD: CNNVD-201806-365 // NVD: CVE-2018-0340

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104448

SOURCES

db: VULHUB // id: VHN-118542
db: BID // id: 104448
db: JVNDB // id: JVNDB-2018-006096
db: CNNVD // id: CNNVD-201806-365
db: NVD // id: CVE-2018-0340

LAST UPDATE DATE

2024-11-23T22:22:04.086000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118542 // date: 2019-10-09T00:00:00
db: BID // id: 104448 // date: 2018-06-06T00:00:00
db: JVNDB // id: JVNDB-2018-006096 // date: 2018-08-07T00:00:00
db: CNNVD // id: CNNVD-201806-365 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0340 // date: 2024-11-21T03:38:00.933

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118542 // date: 2018-06-07T00:00:00
db: BID // id: 104448 // date: 2018-06-06T00:00:00
db: JVNDB // id: JVNDB-2018-006096 // date: 2018-08-07T00:00:00
db: CNNVD // id: CNNVD-201806-365 // date: 2018-06-08T00:00:00
db: NVD // id: CVE-2018-0340 // date: 2018-06-07T21:29:00.713