ID

VAR-201901-0587


CVE

CVE-2018-15455


TITLE

Cisco Identity Services Engine Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-013679

DESCRIPTION

A vulnerability in the logging component of Cisco Identity Services Engine could allow an unauthenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to the improper validation of requests stored in the system's logging database. An attacker could exploit this vulnerability by sending malicious requests to the targeted system. An exploit could allow the attacker to conduct cross-site scripting attacks when an administrator views the logs in the Admin Portal. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvm62862. Cisco Identity Services Engine is a platform that monitors the network by collecting real-time information on the network, users and devices, and formulating and implementing corresponding policies.

Trust: 1.98

sources: NVD: CVE-2018-15455 // JVNDB: JVNDB-2018-013679 // BID: 106708 // VULHUB: VHN-125716

AFFECTED PRODUCTS

vendor: cisco // model: identity services engine // scope: eq // version: 2.3(0.905)

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.2(0.910)

Trust: 1.0

vendor: cisco // model: identity services engine // scope: eq // version: 2.4(0.903)

Trust: 1.0

vendor: cisco // model: identity services engine software // scope: - // version: -

Trust: 0.8

vendor: cisco // model: identity services engine // scope: eq // version: 2.4(0.903)

Trust: 0.3

vendor: cisco // model: identity services engine // scope: eq // version: 2.3(0.905)

Trust: 0.3

vendor: cisco // model: identity services engine // scope: eq // version: 2.2(0.910)

Trust: 0.3

vendor: cisco // model: identity services engine // scope: ne // version: 2.2(0.913)

Trust: 0.3

sources: BID: 106708 // JVNDB: JVNDB-2018-013679 // NVD: CVE-2018-15455

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-15455
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15455
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15455
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-847
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125716
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-15455
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125716
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-15455
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-125716 // JVNDB: JVNDB-2018-013679 // CNNVD: CNNVD-201901-847 // NVD: CVE-2018-15455 // NVD: CVE-2018-15455

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.9

sources: VULHUB: VHN-125716 // JVNDB: JVNDB-2018-013679 // NVD: CVE-2018-15455

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-847

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201901-847

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013679

PATCH

title: cisco-sa-20190123-isel-xss // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-isel-xss

Trust: 0.8

title: Cisco Identity Services Engine Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88929

Trust: 0.6

sources: JVNDB: JVNDB-2018-013679 // CNNVD: CNNVD-201901-847

EXTERNAL IDS

db: NVD // id: CVE-2018-15455

Trust: 2.8

db: BID // id: 106708

Trust: 2.0

db: JVNDB // id: JVNDB-2018-013679

Trust: 0.8

db: CNNVD // id: CNNVD-201901-847

Trust: 0.7

db: NSFOCUS // id: 43897

Trust: 0.6

db: VULHUB // id: VHN-125716

Trust: 0.1

sources: VULHUB: VHN-125716 // BID: 106708 // JVNDB: JVNDB-2018-013679 // CNNVD: CNNVD-201901-847 // NVD: CVE-2018-15455

REFERENCES

url:http://www.securityfocus.com/bid/106708

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190123-isel-xss

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15455

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15455

Trust: 0.8

url:http://www.nsfocus.net/vulndb/43897

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125716 // BID: 106708 // JVNDB: JVNDB-2018-013679 // CNNVD: CNNVD-201901-847 // NVD: CVE-2018-15455

CREDITS

This vulnerability was found during internal security testing (Cisco).

Trust: 0.6

sources: CNNVD: CNNVD-201901-847

SOURCES

db: VULHUB // id: VHN-125716
db: BID // id: 106708
db: JVNDB // id: JVNDB-2018-013679
db: CNNVD // id: CNNVD-201901-847
db: NVD // id: CVE-2018-15455

LAST UPDATE DATE

2024-08-14T14:19:42.976000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-125716 // date: 2019-10-09T00:00:00
db: BID // id: 106708 // date: 2019-01-23T00:00:00
db: JVNDB // id: JVNDB-2018-013679 // date: 2019-02-28T00:00:00
db: CNNVD // id: CNNVD-201901-847 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-15455 // date: 2019-10-09T23:35:40.343

SOURCES RELEASE DATE

db: VULHUB // id: VHN-125716 // date: 2019-01-23T00:00:00
db: BID // id: 106708 // date: 2019-01-23T00:00:00
db: JVNDB // id: JVNDB-2018-013679 // date: 2019-02-28T00:00:00
db: CNNVD // id: CNNVD-201901-847 // date: 2019-01-24T00:00:00
db: NVD // id: CVE-2018-15455 // date: 2019-01-23T22:29:00.400