Lucene search

[email protected]NVD:CVE-2018-0242

HistoryApr 19, 2018 - 8:29 p.m.

CVE-2018-0242

2018-04-1920:29:00

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.6%

JSON

A vulnerability in the WebVPN web-based management interface of Cisco Adaptive Security Appliance could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvg33985.

Affected configurations

Nvd

Node

ciscoadaptive_security_appliance_softwareMatch9.1\(7.245\)

ciscoadaptive_security_appliance_softwareMatch9.6\(3\)

ciscoadaptive_security_appliance_softwareMatch9.8\(1\)

ciscoadaptive_security_appliance_softwareMatch9.8\(2\)

AND

ciscoasa_5506-xMatch-

ciscoasa_5506h-xMatch-

ciscoasa_5506w-xMatch-

ciscoasa_5508-xMatch-

ciscoasa_5512-xMatch-

ciscoasa_5515-xMatch-

ciscoasa_5516-xMatch-

ciscoasa_5525-xMatch-

ciscoasa_5545-xMatch-

ciscoasa_5585-xMatch-

VendorProductVersionCPE
ciscoadaptive_security_appliance_software9.1(7.245)cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\(7.245\):*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.6(3)cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6\(3\):*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.8(1)cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8\(1\):*:*:*:*:*:*:*
ciscoadaptive_security_appliance_software9.8(2)cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8\(2\):*:*:*:*:*:*:*
ciscoasa_5506-x-cpe:2.3:h:cisco:asa_5506-x:-:*:*:*:*:*:*:*
ciscoasa_5506h-x-cpe:2.3:h:cisco:asa_5506h-x:-:*:*:*:*:*:*:*
ciscoasa_5506w-x-cpe:2.3:h:cisco:asa_5506w-x:-:*:*:*:*:*:*:*
ciscoasa_5508-x-cpe:2.3:h:cisco:asa_5508-x:-:*:*:*:*:*:*:*
ciscoasa_5512-x-cpe:2.3:h:cisco:asa_5512-x:-:*:*:*:*:*:*:*
ciscoasa_5515-x-cpe:2.3:h:cisco:asa_5515-x:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	adaptive_security_appliance_software	9.1(7.245)	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.1\(7.245\):::::::*
cisco	adaptive_security_appliance_software	9.6(3)	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.6\(3\):::::::*
cisco	adaptive_security_appliance_software	9.8(1)	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8\(1\):::::::*
cisco	adaptive_security_appliance_software	9.8(2)	cpe:2.3:o:cisco:adaptive_security_appliance_software:9.8\(2\):::::::*
cisco	asa_5506-x	-	cpe:2.3:h:cisco:asa_5506-x:-:::::::*
cisco	asa_5506h-x	-	cpe:2.3:h:cisco:asa_5506h-x:-:::::::*
cisco	asa_5506w-x	-	cpe:2.3:h:cisco:asa_5506w-x:-:::::::*
cisco	asa_5508-x	-	cpe:2.3:h:cisco:asa_5508-x:-:::::::*
cisco	asa_5512-x	-	cpe:2.3:h:cisco:asa_5512-x:-:::::::*
cisco	asa_5515-x	-	cpe:2.3:h:cisco:asa_5515-x:-:::::::*

Rows per page:

1-10 of 141

References

www.securityfocus.com/bid/103932

www.securitytracker.com/id/1040713

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180418-asawvpn

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.001

Percentile

43.6%

JSON

Related for NVD:CVE-2018-0242

cve1 cvelist1 cisco1 prion1