Details of VAR-201807-0432

ID

VAR-201807-0432

CVE

CVE-2018-0390

TITLE

Cisco Webex Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-008278

DESCRIPTION

A vulnerability in the web framework of Cisco Webex could allow an unauthenticated, remote attacker to conduct a Document Object Model-based (DOM-based) cross-site scripting (XSS) attack against the user of the web interface of an affected system. The vulnerability is due to insufficient input validation of certain parameters that are passed to the affected software by using the HTTP POST method. An attacker who can submit malicious scripts to the affected user interface element could execute arbitrary script or HTML code in the user's browser in the context of the affected site. Cisco Bug IDs: CSCvj33287. Cisco Webex Contains a cross-site scripting vulnerability. Vendors have confirmed this vulnerability Bug ID CSCvj33287 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. Cisco WebEx is a set of Web conferencing tools developed by American Cisco (Cisco), which can assist office workers in different places to coordinate and cooperate. WebEx services include Web conferencing, telepresence video conferencing and enterprise instant messaging (IM)

Trust: 1.98

sources: NVD: CVE-2018-0390 // JVNDB: JVNDB-2018-008278 // BID: 104865 // VULHUB: VHN-118592

AFFECTED PRODUCTS

vendor:	cisco	model:	webex meetings	scope:	eq	version:	2.0	Trust: 1.6
vendor:	cisco	model:	webex meetings	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	webex	scope:	eq	version:	0	Trust: 0.3

sources: BID: 104865 // JVNDB: JVNDB-2018-008278 // CNNVD: CNNVD-201807-1292 // NVD: CVE-2018-0390

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0390
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0390
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201807-1292
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118592
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0390
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118592
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0390
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118592 // JVNDB: JVNDB-2018-008278 // CNNVD: CNNVD-201807-1292 // NVD: CVE-2018-0390

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-118592 // JVNDB: JVNDB-2018-008278 // NVD: CVE-2018-0390

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201807-1292

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201807-1292

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-008278

PATCH

title:	cisco-sa-20180718-webex-DOM-xss	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-webex-DOM-xss	Trust: 0.8
title:	Cisco Webex Fixes for cross-site scripting vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82193	Trust: 0.6

sources: JVNDB: JVNDB-2018-008278 // CNNVD: CNNVD-201807-1292

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0390	Trust: 2.8
db:	BID	id:	104865	Trust: 2.0
db:	JVNDB	id:	JVNDB-2018-008278	Trust: 0.8
db:	CNNVD	id:	CNNVD-201807-1292	Trust: 0.7
db:	VULHUB	id:	VHN-118592	Trust: 0.1

sources: VULHUB: VHN-118592 // BID: 104865 // JVNDB: JVNDB-2018-008278 // CNNVD: CNNVD-201807-1292 // NVD: CVE-2018-0390

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180718-webex-dom-xss	Trust: 2.0
url:	http://www.securityfocus.com/bid/104865	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0390	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0390	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118592 // BID: 104865 // JVNDB: JVNDB-2018-008278 // CNNVD: CNNVD-201807-1292 // NVD: CVE-2018-0390

CREDITS

Gabriele Pippi

Trust: 0.3

sources: BID: 104865

SOURCES

db:	VULHUB	id:	VHN-118592
db:	BID	id:	104865
db:	JVNDB	id:	JVNDB-2018-008278
db:	CNNVD	id:	CNNVD-201807-1292
db:	NVD	id:	CVE-2018-0390

LAST UPDATE DATE

2024-11-23T21:38:45.765000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118592	date:	2019-10-09T00:00:00
db:	BID	id:	104865	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008278	date:	2018-10-12T00:00:00
db:	CNNVD	id:	CNNVD-201807-1292	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0390	date:	2024-11-21T03:38:07.763

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118592	date:	2018-07-18T00:00:00
db:	BID	id:	104865	date:	2018-07-18T00:00:00
db:	JVNDB	id:	JVNDB-2018-008278	date:	2018-10-12T00:00:00
db:	CNNVD	id:	CNNVD-201807-1292	date:	2018-07-19T00:00:00
db:	NVD	id:	CVE-2018-0390	date:	2018-07-18T23:29:01.103