Sign-up

ID

VAR-201811-0175


CVE

CVE-2018-15393


TITLE

Cisco Content Security Management Appliance (SMA) Software Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-011645

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Content Security Management Appliance (SMA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issues are being tracked by Cisco Bug ID CSCvk59387. This appliance is mainly used to manage all policies, reports, audit information, etc. of email and web security appliances. A remote attacker can exploit this vulnerability to inject arbitrary web script or HTML

Trust: 1.98

sources: NVD: CVE-2018-15393 // JVNDB: JVNDB-2018-011645 // BID: 105858 // VULHUB: VHN-125648

AFFECTED PRODUCTS

vendor:ciscomodel:content security management appliancescope:eqversion: -

Trust: 1.6

vendor:ciscomodel:content security management appliancescope: - version: -

Trust: 0.8

vendor:ciscomodel:content security management appliancescope:eqversion:0

Trust: 0.3

sources: BID: 105858 // JVNDB: JVNDB-2018-011645 // CNNVD: CNNVD-201811-184 // NVD: CVE-2018-15393

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15393
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15393
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15393
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201811-184
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125648
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15393
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125648
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15393
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

ykramarz@cisco.com: CVE-2018-15393
baseSeverity: MEDIUM
baseScore: 4.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.7
impactScore: 2.7
version: 3.0

Trust: 1.0

sources: VULHUB: VHN-125648 // JVNDB: JVNDB-2018-011645 // CNNVD: CNNVD-201811-184 // NVD: CVE-2018-15393 // NVD: CVE-2018-15393

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-125648 // JVNDB: JVNDB-2018-011645 // NVD: CVE-2018-15393

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201811-184

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201811-184

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-011645

PATCH
title:cisco-sa-20181107-sma-xssurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181107-sma-xss
Trust: 0.8
title:Cisco Content Security Management Appliance Fixes for cross-site scripting vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=86656
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2018-011645 // 
            
            
            
            CNNVD: CNNVD-201811-184

EXTERNAL IDS
db:NVDid:CVE-2018-15393
Trust: 2.8
db:BIDid:105858
Trust: 2.0
db:JVNDBid:JVNDB-2018-011645
Trust: 0.8
db:CNNVDid:CNNVD-201811-184
Trust: 0.7
db:AUSCERTid:ESB-2018.3491.4
Trust: 0.6
db:VULHUBid:VHN-125648
Trust: 0.1
sources:
            
            
            VULHUB: VHN-125648 // 
            
            
            
            BID: 105858 // 
            
            
            
            JVNDB: JVNDB-2018-011645 // 
            
            
            
            CNNVD: CNNVD-201811-184 // 
            
            
            
            NVD: CVE-2018-15393

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181107-sma-xss
Trust: 2.6
url:http://www.securityfocus.com/bid/105858
Trust: 1.7
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15393
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2018-15393
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2018.3491.4/
Trust: 0.6
url:http://www.cisco.com/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-125648 // 
            
            
            
            BID: 105858 // 
            
            
            
            JVNDB: JVNDB-2018-011645 // 
            
            
            
            CNNVD: CNNVD-201811-184 // 
            
            
            
            NVD: CVE-2018-15393

CREDITS
who independently discovered and reported this vulnerability.,Cisco would like to thank Marcel Maeder of Netcloud AG for reporting this vulnerability.,the security researcher Ali Hussein and Marcel Maeder of Netcloud AG
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-201811-184

SOURCES
db:VULHUBid:VHN-125648
db:BIDid:105858
db:JVNDBid:JVNDB-2018-011645
db:CNNVDid:CNNVD-201811-184
db:NVDid:CVE-2018-15393

LAST UPDATE DATE
2024-11-23T22:06:29.309000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-125648date:2019-10-09T00:00:00
db:BIDid:105858date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-011645date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-184date:2019-10-17T00:00:00
db:NVDid:CVE-2018-15393date:2024-11-21T03:50:41.503

SOURCES RELEASE DATE
db:VULHUBid:VHN-125648date:2018-11-08T00:00:00
db:BIDid:105858date:2018-11-07T00:00:00
db:JVNDBid:JVNDB-2018-011645date:2019-01-18T00:00:00
db:CNNVDid:CNNVD-201811-184date:2018-11-08T00:00:00
db:NVDid:CVE-2018-15393date:2018-11-08T17:29:00.437