CVE-2018-0408

{"id": "CVE-2018-0408", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 3.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 6.8, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2018-08-01T20:29:00.433", "references": [{"url": "http://www.securityfocus.com/bid/104948", "tags": ["Third Party Advisory", "VDB Entry"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-rxss", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87330."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz de gesti\u00f3n web de Cisco Small Business 300 Series (Sx300) Managed Switches podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) reflejado contra un usuario de dicha interfaz en un dispositivo afectado. La vulnerabilidad se debe a la validaci\u00f3n insuficiente de entrada de datos de parte del usuario en la interfaz de gesti\u00f3n web de un dispositivo afectado. Un atacante podr\u00eda explotar esta vulnerabilidad haciendo que un usuario de la interfaz haga clic en un enlace manipulado. Un exploit con \u00e9xito podr\u00eda permitir al atacante ejecutar c\u00f3digo script arbitrario en el contexto de la interfaz o que pueda acceder a informaci\u00f3n sensible del navegador. Cisco Bug IDs: CSCvi87330."}], "lastModified": "2019-10-09T23:32:00.210", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-08_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95F84EE8-5FE2-4BFE-91B1-5AB98FB7145E", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-08:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "7C96B794-16D3-46FE-8A2B-262BD38994E8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40E128AD-0ED3-4325-A8AB-99DBE8737F06", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "04042998-72B6-4215-9264-CC563E51D9CF"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "119B8DCA-72CA-4B79-82C0-F05620ECFB78", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B9C97D56-2E3C-4F36-89E2-BC169AED3CC2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08pp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DCF7541-B413-431C-82E5-E12AE5D992AC", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08pp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFFEF3C3-0C7C-4359-A45F-00152ACAB545"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08mp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97BCF797-3FF4-40A1-B8C2-4080E09640AE", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08mp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8124725E-8340-43BC-BEBB-BC39E3AE7368"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf302-08mpp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B4AABF11-47DB-4DC4-9B90-2D3258EAFAAD", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf302-08mpp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "19890DBE-F1B9-4454-8738-AC2AC6704C75"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-24_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FEE86224-1883-4A5A-A49F-09FF51884472", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-24:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "C324F7E3-2088-452F-B049-519A9D25C9B5"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-24p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "479DB0EF-166A-4C0D-9659-6F2891C88A18", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-24p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "71D909B9-5B11-401E-8484-D6CD39D64142"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-24pp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2B519DA0-9C2D-4FE9-BD8C-5C94AFFF701E", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-24pp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4E7B70CB-9D7A-4637-8A51-634157F7AC85"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-24mp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "87087817-E993-4D58-864C-6FFCFB924AD3", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-24mp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4882366A-9450-47BE-BE70-CC3A9D2F5275"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-48_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D876D181-2F4C-447A-988A-BF585E5F38D9", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-48:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "765DECDB-4234-4444-B78F-01C1DCBAD8FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-48p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56AF6213-3930-4B0D-9A15-54C8027CF9FD", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-48p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A5307DEF-DCD1-417A-B649-FF4DCE66193E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sf300-48pp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B13747A0-FE84-4DED-923E-AA65BB4B5BC9", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sf300-48pp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E5248F85-411D-4ED9-983C-A28A90C8FC70"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3885C4C4-579F-49C7-840F-256BC8FB3E34", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "78B44981-5C59-4328-A7DB-FBF50F9C92C2"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10sfp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E313896-91C7-480B-AB3C-A4837F9AC363", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10sfp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "B402FBC0-91FC-471D-9D8A-C71F4FECF338"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FF86F983-F89C-4ED4-A092-981577DDC737", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9054C3D1-BA1A-4BAC-8834-88673B804E4E"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10pp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ACA5D51-86C8-44CF-A100-2F5B2FD378FF", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10pp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8F1772C3-48DB-4BEF-9F12-CDCC3BBFA0E1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10mp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C2F8BDA-9360-418A-BEEF-E41A5CD345AB", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10mp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "95F6D7AC-2ACB-4693-AB8E-C700B99C5BF4"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-10mpp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "89C0F0FC-C706-4D8B-B396-12BCBE2FF6C0", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-10mpp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AAD7CDE3-7247-4EA9-8A72-7ABC961BD895"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-20_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E97DA27-09CF-4292-A91A-ADBA744D1C8F", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-20:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "50A677CE-4360-4780-ABF9-466C45CB19E1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DDDC3FFD-1161-41B7-843C-83D07D0FF567", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "E74DB8D8-B79B-4DAE-BF88-98C1F518E76D"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "980AFDC6-9A11-46FC-9570-431CC9667D98", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2D5109D-C78B-4362-B000-0AA073FCC843"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28pp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4A5FB60-E017-4F83-9809-052CFBF1B335", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28pp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "AD6F6741-AA56-47EA-998C-78FD7F6B01CC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28mp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D273D904-0FAC-43A5-A89F-1FDE2952A615", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28mp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2DB2B761-E591-42B6-B62F-63A6D41F4FAC"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-52_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21AD5E5A-CAEA-4259-BEF4-CF060FC80F77", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-52:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "8E26EE1D-763F-4893-9997-F4C1CE7A1089"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-52p_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "65B1C306-BC99-4A86-919A-3A72FA94686B", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-52p:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5E9DF9C4-9D06-4449-8AF0-8322C6B77F6A"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-52mp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A429813-D852-4E17-BD52-FEC0C1ADDD23", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-52mp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A4C3B5A2-CAE6-4E75-A1A3-4FCB1C62A7A8"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:sg300-28sfp_firmware:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7AEAE0B-80A0-49E8-9206-454D3B4EB5B2", "versionEndIncluding": "1.4.7.06", "versionStartIncluding": "1.4.7"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:sg300-28sfp:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "FAD69957-B714-406D-9775-92A7D993BAC6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}