ID

VAR-201806-1039


CVE

CVE-2018-0356


TITLE

Cisco WebEx vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-006152

DESCRIPTION

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi63757. Cisco WebEx contains a cross-site scripting vulnerability. The vendor has confirmed this vulnerability and released it as Bug ID CSCvi63757. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx is a set of web conferencing tools developed by the American company Cisco that helps office workers in different locations coordinate and cooperate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM).

Trust: 1.98

sources: NVD: CVE-2018-0356 // JVNDB: JVNDB-2018-006152 // BID: 104421 // VULHUB: VHN-118558

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings, scope: eq, version: t32

Trust: 1.6

vendor: cisco, model: webex meetings, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings online t32, scope: -, version: -

Trust: 0.3

vendor: cisco, model: webex, scope: eq, version: 0

Trust: 0.3

sources: BID: 104421 // JVNDB: JVNDB-2018-006152 // CNNVD: CNNVD-201806-361 // NVD: CVE-2018-0356

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0356
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0356
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201806-361
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118558
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0356
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118558
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0356
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118558 // JVNDB: JVNDB-2018-006152 // CNNVD: CNNVD-201806-361 // NVD: CVE-2018-0356

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-118558 // JVNDB: JVNDB-2018-006152 // NVD: CVE-2018-0356

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-361

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-361

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006152

PATCH

title: cisco-sa-20180606-webex-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss

Trust: 0.8

title: Cisco WebEx Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80716

Trust: 0.6

sources: JVNDB: JVNDB-2018-006152 // CNNVD: CNNVD-201806-361

EXTERNAL IDS

db: NVD, id: CVE-2018-0356

Trust: 2.8

db: BID, id: 104421

Trust: 2.0

db: SECTRACK, id: 1041062

Trust: 1.7

db: JVNDB, id: JVNDB-2018-006152

Trust: 0.8

db: CNNVD, id: CNNVD-201806-361

Trust: 0.7

db: VULHUB, id: VHN-118558

Trust: 0.1

sources: VULHUB: VHN-118558 // BID: 104421 // JVNDB: JVNDB-2018-006152 // CNNVD: CNNVD-201806-361 // NVD: CVE-2018-0356

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-webex-xss

Trust: 2.0

url:http://www.securityfocus.com/bid/104421

Trust: 1.7

url:http://www.securitytracker.com/id/1041062

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0356

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0356

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118558 // BID: 104421 // JVNDB: JVNDB-2018-006152 // CNNVD: CNNVD-201806-361 // NVD: CVE-2018-0356

CREDITS

Adam Willard

Trust: 0.3

sources: BID: 104421

SOURCES

db: VULHUB, id: VHN-118558
db: BID, id: 104421
db: JVNDB, id: JVNDB-2018-006152
db: CNNVD, id: CNNVD-201806-361
db: NVD, id: CVE-2018-0356

LAST UPDATE DATE

2024-11-23T23:05:05.578000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118558, date: 2019-10-09T00:00:00
db: BID, id: 104421, date: 2018-06-06T00:00:00
db: JVNDB, id: JVNDB-2018-006152, date: 2018-08-09T00:00:00
db: CNNVD, id: CNNVD-201806-361, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0356, date: 2024-11-21T03:38:03.090

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118558, date: 2018-06-07T00:00:00
db: BID, id: 104421, date: 2018-06-06T00:00:00
db: JVNDB, id: JVNDB-2018-006152, date: 2018-08-09T00:00:00
db: CNNVD, id: CNNVD-201806-361, date: 2018-06-08T00:00:00
db: NVD, id: CVE-2018-0356, date: 2018-06-07T21:29:00.887