ID

VAR-201901-0593


CVE

CVE-2018-15461


TITLE

Cisco Webex Business Suite Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-013791

DESCRIPTION

A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by convincing a user to click a crafted URL. To exploit this vulnerability, the attacker may provide a link that directs a user to a malicious site and use misleading language or instructions to persuade the user to follow the provided link. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvk29147. Cisco Webex Business Suite is a set of video conferencing solutions from Cisco. MyWebex is one of its components and supports accessing remote computers from a browser.

Trust: 1.98

sources: NVD: CVE-2018-15461 // JVNDB: JVNDB-2018-013791 // BID: 106505 // VULHUB: VHN-125723

AFFECTED PRODUCTS

vendor: cisco, model: webex business suite, scope: eq, version: -

Trust: 1.0

vendor: cisco, model: webex business suite, scope: -, version: -

Trust: 0.8

vendor: cisco, model: webex meetings online, scope: eq, version: 0

Trust: 0.3

vendor: cisco, model: webex business suite, scope: eq, version: 0

Trust: 0.3

sources: BID: 106505 // JVNDB: JVNDB-2018-013791 // NVD: CVE-2018-15461

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15461
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15461
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15461
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201901-292
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125723
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15461
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125723
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15461
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-125723 // JVNDB: JVNDB-2018-013791 // CNNVD: CNNVD-201901-292 // NVD: CVE-2018-15461 // NVD: CVE-2018-15461

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-125723 // JVNDB: JVNDB-2018-013791 // NVD: CVE-2018-15461

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201901-292

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201901-292

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-013791

PATCH

title: cisco-sa-20190109-webex-bs-xss, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190109-webex-bs-xss

Trust: 0.8

title: Cisco Webex Business Suite Fixes for cross-site scripting vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=88493

Trust: 0.6

sources: JVNDB: JVNDB-2018-013791 // CNNVD: CNNVD-201901-292

EXTERNAL IDS

db: NVD, id: CVE-2018-15461

Trust: 2.8

db: BID, id: 106505

Trust: 2.0

db: JVNDB, id: JVNDB-2018-013791

Trust: 0.8

db: CNNVD, id: CNNVD-201901-292

Trust: 0.7

db: VULHUB, id: VHN-125723

Trust: 0.1

sources: VULHUB: VHN-125723 // BID: 106505 // JVNDB: JVNDB-2018-013791 // CNNVD: CNNVD-201901-292 // NVD: CVE-2018-15461

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190109-webex-bs-xss

Trust: 2.0

url:http://www.securityfocus.com/bid/106505

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15461

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15461

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125723 // BID: 106505 // JVNDB: JVNDB-2018-013791 // CNNVD: CNNVD-201901-292 // NVD: CVE-2018-15461

CREDITS

This vulnerability was found during internal security testing.

Trust: 0.6

sources: CNNVD: CNNVD-201901-292

SOURCES

db: VULHUB, id: VHN-125723
db: BID, id: 106505
db: JVNDB, id: JVNDB-2018-013791
db: CNNVD, id: CNNVD-201901-292
db: NVD, id: CVE-2018-15461

LAST UPDATE DATE

2024-11-23T23:11:56.178000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125723, date: 2019-10-09T00:00:00
db: BID, id: 106505, date: 2019-01-09T00:00:00
db: JVNDB, id: JVNDB-2018-013791, date: 2019-03-01T00:00:00
db: CNNVD, id: CNNVD-201901-292, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-15461, date: 2024-11-21T03:50:51.383

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125723, date: 2019-01-10T00:00:00
db: BID, id: 106505, date: 2019-01-09T00:00:00
db: JVNDB, id: JVNDB-2018-013791, date: 2019-03-01T00:00:00
db: CNNVD, id: CNNVD-201901-292, date: 2019-01-10T00:00:00
db: NVD, id: CVE-2018-15461, date: 2019-01-10T23:29:00.247