Lucene search

[email protected]CVE-2018-0407

HistoryAug 01, 2018 - 8:29 p.m.

CVE-2018-0407

2018-08-0120:29:00

CWE-79

[email protected]

web.nvd.nist.gov

cisco

small business 300 series

managed switches

cve-2018-0407

xss

web-based management interface

authentication

remote attacker

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

28.8%

JSON

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87326.

Affected configurations

NVD

Node

ciscosf300-08_firmwareRange1.4.7–1.4.7.06

AND

ciscosf300-08Match-

Node

ciscosf302-08_firmwareRange1.4.7–1.4.7.06

AND

ciscosf302-08Match-

Node

ciscosf302-08p_firmwareRange1.4.7–1.4.7.06

AND

ciscosf302-08pMatch-

Node

ciscosf302-08pp_firmwareRange1.4.7–1.4.7.06

AND

ciscosf302-08ppMatch-

Node

ciscosf302-08mp_firmwareRange1.4.7–1.4.7.06

AND

ciscosf302-08mpMatch-

Node

ciscosf302-08mpp_firmwareRange1.4.7–1.4.7.06

AND

ciscosf302-08mppMatch-

Node

ciscosf300-24_firmwareRange1.4.7–1.4.7.06

AND

ciscosf300-24Match-

Node

ciscosf300-24p_firmwareRange1.4.7–1.4.7.06

AND

ciscosf300-24pMatch-

Node

ciscosf300-24pp_firmwareRange1.4.7–1.4.7.06

AND

ciscosf300-24ppMatch-

Node

ciscosf300-24mp_firmwareRange1.4.7–1.4.7.06

AND

ciscosf300-24mpMatch-

Node

ciscosf300-48_firmwareRange1.4.7–1.4.7.06

AND

ciscosf300-48Match-

Node

ciscosf300-48p_firmwareRange1.4.7–1.4.7.06

AND

ciscosf300-48pMatch-

Node

ciscosf300-48pp_firmwareRange1.4.7–1.4.7.06

AND

ciscosf300-48ppMatch-

Node

ciscosg300-10_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-10Match-

Node

ciscosg300-10sfp_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-10sfpMatch-

Node

ciscosg300-10p_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-10pMatch-

Node

ciscosg300-10pp_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-10ppMatch-

Node

ciscosg300-10mp_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-10mpMatch-

Node

ciscosg300-10mpp_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-10mppMatch-

Node

ciscosg300-20_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-20Match-

Node

ciscosg300-28_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-28Match-

Node

ciscosg300-28p_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-28pMatch-

Node

ciscosg300-28pp_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-28ppMatch-

Node

ciscosg300-28mp_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-28mpMatch-

Node

ciscosg300-52_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-52Match-

Node

ciscosg300-52p_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-52pMatch-

Node

ciscosg300-52mp_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-52mpMatch-

Node

ciscosg300-28sfp_firmwareRange1.4.7–1.4.7.06

AND

ciscosg300-28sfpMatch-

CPENameOperatorVersion
cisco:sf300-08_firmwarecisco sf300-08 firmwarele1.4.7.06

CPE	Name	Operator	Version
cisco:sf300-08_firmware	cisco sf300-08 firmware	le	1.4.7.06

CNA Affected

[
  {
    "product": "Cisco Small Business 300 Series Managed Switches unknown",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Cisco Small Business 300 Series Managed Switches unknown"
      }
    ]
  }
]

References

www.securityfocus.com/bid/104947

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-pxss

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

28.8%

JSON

Related for CVE-2018-0407

nvd1 prion1 cvelist1 cisco1