Details of VAR-201808-0295

ID

VAR-201808-0295

CVE

CVE-2018-0386

TITLE

Cisco Unified Communications Domain Manager Software Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-009010

DESCRIPTION

A vulnerability in Cisco Unified Communications Domain Manager Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack on an affected system. The vulnerability is due to improper validation of input that is passed to the affected software. An attacker could exploit this vulnerability by persuading a user of the affected software to access a malicious URL. A successful exploit could allow the attacker to access sensitive, browser-based information on the affected system or perform arbitrary actions in the affected software in the security context of the user. Cisco Bug IDs: CSCvh49694. Vendors have confirmed this vulnerability Bug ID CSCvh49694 It is released as.Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This component features scalable, distributed, and highly available enterprise Voice over IP call processing

Trust: 1.98

sources: NVD: CVE-2018-0386 // JVNDB: JVNDB-2018-009010 // BID: 105113 // VULHUB: VHN-118588

AFFECTED PRODUCTS

vendor:	cisco	model:	hosted collaboration solution	scope:	eq	version:	11.5\(1\)	Trust: 1.6
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	-	Trust: 1.6
vendor:	cisco	model:	hosted collaboration solution	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	unified communications domain manager	scope:	eq	version:	0	Trust: 0.3
vendor:	cisco	model:	hosted collaboration solution	scope:	eq	version:	11.5(1)	Trust: 0.3

sources: BID: 105113 // JVNDB: JVNDB-2018-009010 // CNNVD: CNNVD-201808-463 // NVD: CVE-2018-0386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-0386
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-0386
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201808-463
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-118588
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2018-0386
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-118588
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-0386
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-118588 // JVNDB: JVNDB-2018-009010 // CNNVD: CNNVD-201808-463 // NVD: CVE-2018-0386

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-118588 // JVNDB: JVNDB-2018-009010 // NVD: CVE-2018-0386

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201808-463

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201808-463

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-009010

PATCH

title:

cisco-sa-20180815-cucdm-xss

url:

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180815-cucdm-xss

Trust: 0.8

sources: JVNDB: JVNDB-2018-009010

EXTERNAL IDS

db:	NVD	id:	CVE-2018-0386	Trust: 2.8
db:	BID	id:	105113	Trust: 2.0
db:	SECTRACK	id:	1041537	Trust: 1.7
db:	JVNDB	id:	JVNDB-2018-009010	Trust: 0.8
db:	CNNVD	id:	CNNVD-201808-463	Trust: 0.7
db:	VULHUB	id:	VHN-118588	Trust: 0.1

sources: VULHUB: VHN-118588 // BID: 105113 // JVNDB: JVNDB-2018-009010 // CNNVD: CNNVD-201808-463 // NVD: CVE-2018-0386

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180815-cucdm-xss	Trust: 2.0
url:	http://www.securityfocus.com/bid/105113	Trust: 1.7
url:	http://www.securitytracker.com/id/1041537	Trust: 1.7
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0386	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-0386	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-118588 // BID: 105113 // JVNDB: JVNDB-2018-009010 // CNNVD: CNNVD-201808-463 // NVD: CVE-2018-0386

CREDITS

Cisco

Trust: 0.3

sources: BID: 105113

SOURCES

db:	VULHUB	id:	VHN-118588
db:	BID	id:	105113
db:	JVNDB	id:	JVNDB-2018-009010
db:	CNNVD	id:	CNNVD-201808-463
db:	NVD	id:	CVE-2018-0386

LAST UPDATE DATE

2024-11-23T22:52:00.982000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-118588	date:	2019-10-09T00:00:00
db:	BID	id:	105113	date:	2018-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-009010	date:	2018-11-05T00:00:00
db:	CNNVD	id:	CNNVD-201808-463	date:	2019-10-17T00:00:00
db:	NVD	id:	CVE-2018-0386	date:	2024-11-21T03:38:07.213

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-118588	date:	2018-08-15T00:00:00
db:	BID	id:	105113	date:	2018-08-15T00:00:00
db:	JVNDB	id:	JVNDB-2018-009010	date:	2018-11-05T00:00:00
db:	CNNVD	id:	CNNVD-201808-463	date:	2018-08-16T00:00:00
db:	NVD	id:	CVE-2018-0386	date:	2018-08-15T20:29:00.407