Lucene search

[email protected]NVD:CVE-2018-0465

HistoryOct 05, 2018 - 2:29 p.m.

CVE-2018-0465

2018-10-0514:29:04

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.0%

JSON

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability exists because the affected management interface performs insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive, browser-based information.

Affected configurations

Nvd

Node

ciscosf302-08pp_firmwareMatch1.4.2.4

AND

ciscosf302-08ppMatch-

Node

ciscosf302-08mpp_firmwareMatch1.4.2.4

AND

ciscosf302-08mppMatch-

Node

ciscosg300-10pp_firmwareMatch1.4.2.4

AND

ciscosg300-10ppMatch-

Node

ciscosg300-10mpp_firmwareMatch1.4.2.4

AND

ciscosg300-10mppMatch-

Node

ciscosf300-24pp_firmwareMatch1.4.2.4

AND

ciscosf300-24ppMatch-

Node

ciscosf300-48pp_firmwareMatch1.4.2.4

AND

ciscosf300-48ppMatch-

Node

ciscosg300-28pp_firmwareMatch1.4.2.4

AND

ciscosg300-28ppMatch-

Node

ciscosf300-08_firmwareMatch1.4.2.4

AND

ciscosf300-08Match-

Node

ciscosf300-48p_firmwareMatch1.4.2.4

AND

ciscosf300-48pMatch-

Node

ciscosg300-10mp_firmwareMatch1.4.2.4

AND

ciscosg300-10mpMatch-

Node

ciscosg300-10p_firmwareMatch1.4.2.4

AND

ciscosg300-10pMatch-

Node

ciscosg300-10_firmwareMatch1.4.2.4

AND

ciscosg300-10Match-

Node

ciscosg300-28p_firmwareMatch1.4.2.4

AND

ciscosg300-28pMatch-

Node

ciscosf300-24p_firmwareMatch1.4.2.4

AND

ciscosf300-24pMatch-

Node

ciscosf302-08mp_firmwareMatch1.4.2.4

AND

ciscosf302-08mpMatch-

Node

ciscosg300-28_firmwareMatch1.4.2.4

AND

ciscosg300-28Match-

Node

ciscosf300-48_firmwareMatch1.4.2.4

AND

ciscosf300-48Match-

Node

ciscosg300-20_firmwareMatch1.4.2.4

AND

ciscosg300-20Match-

Node

ciscosf302-08pMatch-

AND

ciscosf302-08p_firmwareMatch1.4.2.4

Node

ciscosg300-52Match-

AND

ciscosg300-52_firmwareMatch1.4.2.4

Node

ciscosf300-24Match-

AND

ciscosf300-24_firmwareMatch1.4.2.4

Node

ciscosf302-08Match-

AND

ciscosf302-08_firmwareMatch1.4.2.4

Node

ciscosf300-24mpMatch-

AND

ciscosf300-24mp_firmwareMatch1.4.2.4

Node

ciscosg300-10sfpMatch-

AND

ciscosg300-10sfp_firmwareMatch1.4.2.4

Node

ciscosg300-28mp_firmwareMatch1.4.2.4

AND

ciscosg300-28mpMatch-

Node

ciscosg300-52pMatch-

AND

ciscosg300-52p_firmwareMatch1.4.2.4

Node

ciscosg300-52mpMatch-

AND

ciscosg300-52mp_firmwareMatch1.4.2.4

VendorProductVersionCPE
ciscosf302-08pp_firmware1.4.2.4cpe:2.3:o:cisco:sf302-08pp_firmware:1.4.2.4:*:*:*:*:*:*:*
ciscosf302-08pp-cpe:2.3:h:cisco:sf302-08pp:-:*:*:*:*:*:*:*
ciscosf302-08mpp_firmware1.4.2.4cpe:2.3:o:cisco:sf302-08mpp_firmware:1.4.2.4:*:*:*:*:*:*:*
ciscosf302-08mpp-cpe:2.3:h:cisco:sf302-08mpp:-:*:*:*:*:*:*:*
ciscosg300-10pp_firmware1.4.2.4cpe:2.3:o:cisco:sg300-10pp_firmware:1.4.2.4:*:*:*:*:*:*:*
ciscosg300-10pp-cpe:2.3:h:cisco:sg300-10pp:-:*:*:*:*:*:*:*
ciscosg300-10mpp_firmware1.4.2.4cpe:2.3:o:cisco:sg300-10mpp_firmware:1.4.2.4:*:*:*:*:*:*:*
ciscosg300-10mpp-cpe:2.3:h:cisco:sg300-10mpp:-:*:*:*:*:*:*:*
ciscosf300-24pp_firmware1.4.2.4cpe:2.3:o:cisco:sf300-24pp_firmware:1.4.2.4:*:*:*:*:*:*:*
ciscosf300-24pp-cpe:2.3:h:cisco:sf300-24pp:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	sf302-08pp_firmware	1.4.2.4	cpe:2.3:o:cisco:sf302-08pp_firmware:1.4.2.4:::::::*
cisco	sf302-08pp	-	cpe:2.3:h:cisco:sf302-08pp:-:::::::*
cisco	sf302-08mpp_firmware	1.4.2.4	cpe:2.3:o:cisco:sf302-08mpp_firmware:1.4.2.4:::::::*
cisco	sf302-08mpp	-	cpe:2.3:h:cisco:sf302-08mpp:-:::::::*
cisco	sg300-10pp_firmware	1.4.2.4	cpe:2.3:o:cisco:sg300-10pp_firmware:1.4.2.4:::::::*
cisco	sg300-10pp	-	cpe:2.3:h:cisco:sg300-10pp:-:::::::*
cisco	sg300-10mpp_firmware	1.4.2.4	cpe:2.3:o:cisco:sg300-10mpp_firmware:1.4.2.4:::::::*
cisco	sg300-10mpp	-	cpe:2.3:h:cisco:sg300-10mpp:-:::::::*
cisco	sf300-24pp_firmware	1.4.2.4	cpe:2.3:o:cisco:sf300-24pp_firmware:1.4.2.4:::::::*
cisco	sf300-24pp	-	cpe:2.3:h:cisco:sf300-24pp:-:::::::*

Rows per page:

1-10 of 541

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-300-switch-xss

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

52.0%

JSON

Related for NVD:CVE-2018-0465

cvelist1 cisco1 prion1 cve1