ID

VAR-201901-0471


CVE

CVE-2018-0482


TITLE

Cisco Prime Network Control System Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2019-001536

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Prime Network Control System could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of the affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based management interface or allow the attacker to access sensitive browser-based information. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvj92813. The platform can be used to monitor and troubleshoot wired and wireless LANs.

Trust: 1.98

sources: NVD: CVE-2018-0482 // JVNDB: JVNDB-2019-001536 // BID: 106514 // VULHUB: VHN-118684

AFFECTED PRODUCTS

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.5(0.0)

Trust: 1.0

vendor: cisco, model: prime infrastructure, scope: -, version: -

Trust: 0.8

vendor: cisco, model: prime network control system, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: prime infrastructure, scope: eq, version: 3.5

Trust: 0.3

sources: BID: 106514 // JVNDB: JVNDB-2019-001536 // NVD: CVE-2018-0482

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0482
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-0482
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0482
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-294
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118684
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2018-0482
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118684
severity: LOW
baseScore: 3.5
vectorString: AV:N/AC:M/AU:S/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: SINGLE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 6.8
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0482
baseSeverity: MEDIUM
baseScore: 5.4
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.3
impactScore: 2.7
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-118684 // JVNDB: JVNDB-2019-001536 // CNNVD: CNNVD-201901-294 // NVD: CVE-2018-0482 // NVD: CVE-2018-0482

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-118684 // JVNDB: JVNDB-2019-001536 // NVD: CVE-2018-0482

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-294

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201901-294

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001536

PATCH

title: cisco-sa-20190109-pnc-stored-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-pnc-stored-xss

Trust: 0.8

title: Cisco Prime Network Control System Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88495

Trust: 0.6

sources: JVNDB: JVNDB-2019-001536 // CNNVD: CNNVD-201901-294

EXTERNAL IDS

db: NVD, id: CVE-2018-0482

Trust: 2.8

db: BID, id: 106514

Trust: 2.0

db: JVNDB, id: JVNDB-2019-001536

Trust: 0.8

db: CNNVD, id: CNNVD-201901-294

Trust: 0.7

db: VULHUB, id: VHN-118684

Trust: 0.1

sources: VULHUB: VHN-118684 // BID: 106514 // JVNDB: JVNDB-2019-001536 // CNNVD: CNNVD-201901-294 // NVD: CVE-2018-0482

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190109-pnc-stored-xss

Trust: 2.0

url: http://www.securityfocus.com/bid/106514

Trust: 1.7

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0482

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0482

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118684 // BID: 106514 // JVNDB: JVNDB-2019-001536 // CNNVD: CNNVD-201901-294 // NVD: CVE-2018-0482

CREDITS

This vulnerability was found during internal security testing.

Trust: 0.6

sources: CNNVD: CNNVD-201901-294

SOURCES

db: VULHUB, id: VHN-118684
db: BID, id: 106514
db: JVNDB, id: JVNDB-2019-001536
db: CNNVD, id: CNNVD-201901-294
db: NVD, id: CVE-2018-0482

LAST UPDATE DATE

2024-11-23T22:21:51.645000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118684, date: 2019-10-09T00:00:00
db: BID, id: 106514, date: 2019-01-09T00:00:00
db: JVNDB, id: JVNDB-2019-001536, date: 2019-03-12T00:00:00
db: CNNVD, id: CNNVD-201901-294, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0482, date: 2024-11-21T03:38:19.347

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118684, date: 2019-01-10T00:00:00
db: BID, id: 106514, date: 2019-01-09T00:00:00
db: JVNDB, id: JVNDB-2019-001536, date: 2019-03-12T00:00:00
db: CNNVD, id: CNNVD-201901-294, date: 2019-01-10T00:00:00
db: NVD, id: CVE-2018-0482, date: 2019-01-10T16:29:00.380