ID

VAR-201805-0509


CVE

CVE-2018-0326


TITLE

Cisco TelePresence Server software vulnerability related to failure of a protection mechanism

Trust: 0.8

sources: JVNDB: JVNDB-2018-005164

DESCRIPTION

A vulnerability in the web UI of Cisco TelePresence Server Software could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against a user of the web UI of the affected software. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCun79565. Cisco TelePresence Server software is vulnerable to a defect in its protection mechanism. The vendor has confirmed this vulnerability and released it as Bug ID CSCun79565. Information may be obtained and information may be altered. The solution provides components such as audio and video spaces, which can provide remote participants with a "face-to-face" virtual meeting room effect. Web UI is one of the web interfaces

Trust: 2.07

sources: NVD: CVE-2018-0326 // JVNDB: JVNDB-2018-005164 // BID: 104204 // VULHUB: VHN-118528 // VULMON: CVE-2018-0326

AFFECTED PRODUCTS

vendor: cisco, model: telepresence tx9000, scope: eq, version: 10.0(2.98000.99)

Trust: 1.6

vendor: cisco, model: telepresence tx9000, scope: -, version: -

Trust: 0.8

vendor: cisco, model: telepresence server software, scope: eq, version: 0

Trust: 0.3

sources: BID: 104204 // JVNDB: JVNDB-2018-005164 // CNNVD: CNNVD-201805-621 // NVD: CVE-2018-0326

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-0326
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0326
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201805-621
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118528
value: MEDIUM

Trust: 0.1

VULMON: CVE-2018-0326
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2018-0326
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-118528
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2018-0326
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118528 // VULMON: CVE-2018-0326 // JVNDB: JVNDB-2018-005164 // CNNVD: CNNVD-201805-621 // NVD: CVE-2018-0326

PROBLEMTYPE DATA

problemtype: CWE-693

Trust: 1.9

sources: VULHUB: VHN-118528 // JVNDB: JVNDB-2018-005164 // NVD: CVE-2018-0326

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201805-621

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201805-621

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-005164

PATCH

title: cisco-sa-20180516-telepres-xfs, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180516-telepres-xfs

Trust: 0.8

title: Cisco TelePresence Server Software Web UI Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=83546

Trust: 0.6

title: Cisco: Cisco TelePresence IX5000 Series and TelePresence TX9000 Series Cross-Frame Scripting Vulnerability, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-20180516-telepres-xfs

Trust: 0.1

sources: VULMON: CVE-2018-0326 // JVNDB: JVNDB-2018-005164 // CNNVD: CNNVD-201805-621

EXTERNAL IDS

db: NVD, id: CVE-2018-0326

Trust: 2.9

db: BID, id: 104204

Trust: 2.1

db: SECTRACK, id: 1040930

Trust: 1.8

db: JVNDB, id: JVNDB-2018-005164

Trust: 0.8

db: CNNVD, id: CNNVD-201805-621

Trust: 0.6

db: VULHUB, id: VHN-118528

Trust: 0.1

db: VULMON, id: CVE-2018-0326

Trust: 0.1

sources: VULHUB: VHN-118528 // VULMON: CVE-2018-0326 // BID: 104204 // JVNDB: JVNDB-2018-005164 // CNNVD: CNNVD-201805-621 // NVD: CVE-2018-0326

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180516-telepres-xfs

Trust: 2.2

url: http://www.securityfocus.com/bid/104204

Trust: 1.9

url: http://www.securitytracker.com/id/1040930

Trust: 1.8

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0326

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-0326

Trust: 0.8

url: http://www.cisco.com/

Trust: 0.3

url: https://cwe.mitre.org/data/definitions/693.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-118528 // VULMON: CVE-2018-0326 // BID: 104204 // JVNDB: JVNDB-2018-005164 // CNNVD: CNNVD-201805-621 // NVD: CVE-2018-0326

CREDITS

The vendor reported this issue.

Trust: 0.3

sources: BID: 104204

SOURCES

db: VULHUB, id: VHN-118528
db: VULMON, id: CVE-2018-0326
db: BID, id: 104204
db: JVNDB, id: JVNDB-2018-005164
db: CNNVD, id: CNNVD-201805-621
db: NVD, id: CVE-2018-0326

LAST UPDATE DATE

2024-11-23T22:48:43.332000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-118528, date: 2019-10-09T00:00:00
db: VULMON, id: CVE-2018-0326, date: 2019-10-09T00:00:00
db: BID, id: 104204, date: 2018-05-16T00:00:00
db: JVNDB, id: JVNDB-2018-005164, date: 2018-07-09T00:00:00
db: CNNVD, id: CNNVD-201805-621, date: 2019-10-17T00:00:00
db: NVD, id: CVE-2018-0326, date: 2024-11-21T03:37:59.040

SOURCES RELEASE DATE

db: VULHUB, id: VHN-118528, date: 2018-05-17T00:00:00
db: VULMON, id: CVE-2018-0326, date: 2018-05-17T00:00:00
db: BID, id: 104204, date: 2018-05-16T00:00:00
db: JVNDB, id: JVNDB-2018-005164, date: 2018-07-09T00:00:00
db: CNNVD, id: CNNVD-201805-621, date: 2018-05-18T00:00:00
db: NVD, id: CVE-2018-0326, date: 2018-05-17T03:29:00.857