ID

VAR-201806-1040


CVE

CVE-2018-0357


TITLE

Cisco WebEx vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-006153

DESCRIPTION

A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software via the HTTP GET and HTTP POST methods. An attacker who can convince a user to follow an attacker-supplied link could execute arbitrary script or HTML code in the user's browser in the context of an affected site. Cisco Bug IDs: CSCvi71274. Cisco WebEx contains a cross-site scripting vulnerability. The vendor has released this vulnerability as Bug ID CSCvi71274. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx is a set of web conferencing tools developed by the American company Cisco, which help office workers in different locations coordinate and cooperate. WebEx services include web conferencing, telepresence video conferencing and enterprise instant messaging (IM).

Trust: 1.98

sources: NVD: CVE-2018-0357 // JVNDB: JVNDB-2018-006153 // BID: 104420 // VULHUB: VHN-118559

AFFECTED PRODUCTS

vendor: cisco, model: webex meetings, scope: eq, version: 1.3.5

Trust: 1.6

vendor: cisco, model: webex meetings, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings online webex11-v1.3.5, scope: -, version: -

Trust: 0.3

vendor: cisco, model: webex, scope: eq, version: 0

Trust: 0.3

sources: BID: 104420 // JVNDB: JVNDB-2018-006153 // CNNVD: CNNVD-201806-360 // NVD: CVE-2018-0357

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0357
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0357
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201806-360
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118559
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0357
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118559
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0357
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118559 // JVNDB: JVNDB-2018-006153 // CNNVD: CNNVD-201806-360 // NVD: CVE-2018-0357

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-118559 // JVNDB: JVNDB-2018-006153 // NVD: CVE-2018-0357

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201806-360

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201806-360

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-006153

PATCH

title: cisco-sa-20180606-webex-xss1, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-webex-xss1

Trust: 0.8

title: Cisco WebEx Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80715

Trust: 0.6

sources: JVNDB: JVNDB-2018-006153 // CNNVD: CNNVD-201806-360

EXTERNAL IDS

db: NVD, id: CVE-2018-0357

Trust: 2.8

db: BID, id: 104420

Trust: 2.0

db: SECTRACK, id: 1041063

Trust: 1.7

db: JVNDB, id: JVNDB-2018-006153

Trust: 0.8

db: CNNVD, id: CNNVD-201806-360

Trust: 0.7

db: VULHUB, id: VHN-118559

Trust: 0.1

sources: VULHUB: VHN-118559 // BID: 104420 // JVNDB: JVNDB-2018-006153 // CNNVD: CNNVD-201806-360 // NVD: CVE-2018-0357

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180606-webex-xss1

Trust: 2.0

url:http://www.securityfocus.com/bid/104420

Trust: 1.7

url:http://www.securitytracker.com/id/1041063

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0357

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0357

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118559 // BID: 104420 // JVNDB: JVNDB-2018-006153 // CNNVD: CNNVD-201806-360 // NVD: CVE-2018-0357

CREDITS

Daniel Diez Tainta

Trust: 0.3

sources: BID: 104420

SOURCES

db: VULHUB, id: VHN-118559
db: BID, id: 104420
db: JVNDB, id: JVNDB-2018-006153
db: CNNVD, id: CNNVD-201806-360
db: NVD, id: CVE-2018-0357

LAST UPDATE DATE

2024-11-23T21:38:48.721000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118559, date: 2019-10-09T00:00:00
db: BID, id: 104420, date: 2018-06-06T00:00:00
db: JVNDB, id: JVNDB-2018-006153, date: 2018-08-09T00:00:00
db: CNNVD, id: CNNVD-201806-360, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0357, date: 2024-11-21T03:38:03.233

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118559, date: 2018-06-07T00:00:00
db: BID, id: 104420, date: 2018-06-06T00:00:00
db: JVNDB, id: JVNDB-2018-006153, date: 2018-08-09T00:00:00
db: CNNVD, id: CNNVD-201806-360, date: 2018-06-08T00:00:00
db: NVD, id: CVE-2018-0357, date: 2018-06-07T21:29:00.917