ID

VAR-201810-0326


CVE

CVE-2018-0452


TITLE

Cisco Tetration Analytics Vulnerable to cross-site scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-010564

DESCRIPTION

A vulnerability in the web-based management interface of Cisco Tetration Analytics could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Cisco Tetration Analytics contains a cross-site scripting vulnerability. Information may be obtained and information may be altered. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. This issue is being tracked by Cisco Bug ID CSCvh97925. The product has functions such as trust whitelist, software vulnerability detection and network performance monitoring.

Trust: 1.98

sources: NVD: CVE-2018-0452 // JVNDB: JVNDB-2018-010564 // BID: 105278 // VULHUB: VHN-118654

AFFECTED PRODUCTS

vendor: cisco // model: tetration analytics // scope: eq // version: 2.1

Trust: 1.6

vendor: cisco // model: tetration analytics // scope: - // version: -

Trust: 0.8

vendor: cisco // model: tetration analytics // scope: eq // version: 2.1(1.33)

Trust: 0.3

vendor: cisco // model: tetration analytics // scope: eq // version: 2.1(1.31)

Trust: 0.3

vendor: cisco // model: tetration analytics // scope: eq // version: 2.1(1.29)

Trust: 0.3

sources: BID: 105278 // JVNDB: JVNDB-2018-010564 // CNNVD: CNNVD-201809-270 // NVD: CVE-2018-0452

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-0452
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-0452
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201809-270
value: MEDIUM

Trust: 0.6

VULHUB: VHN-118654
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-0452
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-118654
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-0452
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-118654 // JVNDB: JVNDB-2018-010564 // CNNVD: CNNVD-201809-270 // NVD: CVE-2018-0452

PROBLEMTYPE DATA

problemtype:CWE-79

Trust: 1.9

sources: VULHUB: VHN-118654 // JVNDB: JVNDB-2018-010564 // NVD: CVE-2018-0452

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201809-270

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201809-270

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-010564

PATCH

title: cisco-sa-20180905-tetration-xss // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180905-tetration-xss

Trust: 0.8

title: Cisco Tetration Analytics Fixes for cross-site scripting vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=84601

Trust: 0.6

sources: JVNDB: JVNDB-2018-010564 // CNNVD: CNNVD-201809-270

EXTERNAL IDS

db: NVD // id: CVE-2018-0452

Trust: 2.8

db: BID // id: 105278

Trust: 2.0

db: JVNDB // id: JVNDB-2018-010564

Trust: 0.8

db: CNNVD // id: CNNVD-201809-270

Trust: 0.7

db: VULHUB // id: VHN-118654

Trust: 0.1

sources: VULHUB: VHN-118654 // BID: 105278 // JVNDB: JVNDB-2018-010564 // CNNVD: CNNVD-201809-270 // NVD: CVE-2018-0452

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20180905-tetration-xss

Trust: 2.0

url:http://www.securityfocus.com/bid/105278

Trust: 1.7

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-0452

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-0452

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-118654 // BID: 105278 // JVNDB: JVNDB-2018-010564 // CNNVD: CNNVD-201809-270 // NVD: CVE-2018-0452

CREDITS

Cisco

Trust: 0.3

sources: BID: 105278

SOURCES

db: VULHUB // id: VHN-118654
db: BID // id: 105278
db: JVNDB // id: JVNDB-2018-010564
db: CNNVD // id: CNNVD-201809-270
db: NVD // id: CVE-2018-0452

LAST UPDATE DATE

2024-11-23T22:41:40.616000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-118654 // date: 2019-10-09T00:00:00
db: BID // id: 105278 // date: 2018-09-05T00:00:00
db: JVNDB // id: JVNDB-2018-010564 // date: 2018-12-18T00:00:00
db: CNNVD // id: CNNVD-201809-270 // date: 2019-10-17T00:00:00
db: NVD // id: CVE-2018-0452 // date: 2024-11-21T03:38:15.650

SOURCES RELEASE DATE

db: VULHUB // id: VHN-118654 // date: 2018-10-05T00:00:00
db: BID // id: 105278 // date: 2018-09-05T00:00:00
db: JVNDB // id: JVNDB-2018-010564 // date: 2018-12-18T00:00:00
db: CNNVD // id: CNNVD-201809-270 // date: 2018-09-06T00:00:00
db: NVD // id: CVE-2018-0452 // date: 2018-10-05T14:29:03.230