ID

VAR-201810-0324


CVE

CVE-2018-0450


TITLE

Cisco Data Center Network Manager Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-010563

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvh70379. Cisco Data Center Network Manager is available for Cisco Nexus and MDS series switches and provides storage visualization, configuration and troubleshooting functions.

Trust: 1.98

sources: NVD: CVE-2018-0450 // JVNDB: JVNDB-2018-010563 // BID: 105288 // VULHUB: VHN-118652

AFFECTED PRODUCTS

vendor: cisco, model: data center network manager, scope: eq, version: 10.4\(2\)

Trust: 1.6

vendor: cisco, model: data center network manager, scope: -, version: -

Trust: 0.8

vendor: cisco, model: data center network manager, scope: eq, version: 0

Trust: 0.3

sources: BID: 105288 // JVNDB: JVNDB-2018-010563 // CNNVD: CNNVD-201809-281 // NVD: CVE-2018-0450

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0450
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0450
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-281
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118652
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0450
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118652
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0450
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118652 // JVNDB: JVNDB-2018-010563 // CNNVD: CNNVD-201809-281 // NVD: CVE-2018-0450

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-118652 // JVNDB: JVNDB-2018-010563 // NVD: CVE-2018-0450

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-281

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201809-281

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010563

PATCH

title: cisco-sa-20180905-dcnm-xss
url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-dcnm-xss

Trust: 0.8

title: Cisco Data Center Network Manager Fixes for cross-site scripting vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84612

Trust: 0.6

sources: JVNDB: JVNDB-2018-010563 // CNNVD: CNNVD-201809-281

EXTERNAL IDS

db: NVD, id: CVE-2018-0450

Trust: 2.8

db: BID, id: 105288

Trust: 2.0

db: JVNDB, id: JVNDB-2018-010563

Trust: 0.8

db: CNNVD, id: CNNVD-201809-281

Trust: 0.7

db: VULHUB, id: VHN-118652

Trust: 0.1

sources: VULHUB: VHN-118652 // BID: 105288 // JVNDB: JVNDB-2018-010563 // CNNVD: CNNVD-201809-281 // NVD: CVE-2018-0450

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-dcnm-xss

Trust: 2.0

url:http://www.securityfocus.com/bid/105288

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0450

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0450

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118652 // BID: 105288 // JVNDB: JVNDB-2018-010563 // CNNVD: CNNVD-201809-281 // NVD: CVE-2018-0450

CREDITS

Cisco

Trust: 0.3

sources: BID: 105288

SOURCES

db: VULHUB, id: VHN-118652
db: BID, id: 105288
db: JVNDB, id: JVNDB-2018-010563
db: CNNVD, id: CNNVD-201809-281
db: NVD, id: CVE-2018-0450

LAST UPDATE DATE

2024-11-23T22:34:06.392000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118652, date: 2019-10-09T00:00:00
db: BID, id: 105288, date: 2018-09-05T00:00:00
db: JVNDB, id: JVNDB-2018-010563, date: 2018-12-18T00:00:00
db: CNNVD, id: CNNVD-201809-281, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0450, date: 2024-11-21T03:38:15.400

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118652, date: 2018-10-05T00:00:00
db: BID, id: 105288, date: 2018-09-05T00:00:00
db: JVNDB, id: JVNDB-2018-010563, date: 2018-12-18T00:00:00
db: CNNVD, id: CNNVD-201809-281, date: 2018-09-06T00:00:00
db: NVD, id: CVE-2018-0450, date: 2018-10-05T14:29:03.027