MitreCVE-2018-5281CVE-2018-5281
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
35.0%
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sonicwall | sonicos | * | cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:* |
| sonicwall | nsa_250m | - | cpe:2.3:h:sonicwall:nsa_250m:-:*:*:*:*:*:*:* |
| sonicwall | nsa_2600 | - | cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:* |
| sonicwall | nsa_2650 | - | cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:* |
| sonicwall | nsa_3600 | - | cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:* |
| sonicwall | nsa_4600 | - | cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:* |
| sonicwall | nsa_5600 | - | cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:* |
| sonicwall | nsa_6600 | - | cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:* |
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
35.0%