Podatność CVE-2018-0465


Publikacja: 2018-10-05

Opis:
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability exists because the affected management interface performs insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive, browser-based information.

Typ:

CWE-79

(Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'))

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

Ogólna skala CVSS
Znaczenie
Łatwość wykorzystania
4.3/10
2.9/10
8.6/10
Wymagany dostęp
Złożoność ataku
Autoryzacja
Zdalny
Średnia
Nie wymagana
Wpływ na poufność
Wpływ na integralność
Wpływ na dostępność
Brak
Częściowy
Brak
Affected software
Cisco -> Sg300-10mpp firmware 
Cisco -> Sf300-08 firmware 
Cisco -> Sg300-10p firmware 
Cisco -> Sf300-24 firmware 
Cisco -> Sg300-10pp firmware 
Cisco -> Sf300-24mp firmware 
Cisco -> Sg300-10sfp firmware 
Cisco -> Sf300-24p firmware 
Cisco -> Sg300-20 firmware 
Cisco -> Sf300-24pp firmware 
Cisco -> Sg300-28 firmware 
Cisco -> Sf300-48 firmware 
Cisco -> Sg300-28mp firmware 
Cisco -> Sf300-48p firmware 
Cisco -> Sg300-28p firmware 
Cisco -> Sf300-48pp firmware 
Cisco -> Sg300-28pp firmware 
Cisco -> Sf302-08 firmware 
Cisco -> Sg300-52 firmware 
Cisco -> Sf302-08mp firmware 
Cisco -> Sg300-52mp firmware 
Cisco -> Sf302-08mpp firmware 
Cisco -> Sg300-52p firmware 
Cisco -> Sf302-08p firmware 
Cisco -> Sf302-08pp firmware 
Cisco -> Sg300-10 firmware 
Cisco -> Sg300-10mp firmware 

 Referencje:
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-300-switch-xss

Copyright 2022, cxsecurity.com

 

Back to Top