CVE-2018-0408

Published: Aug 1, 2018Modified: Nov 21, 2024

5.4

Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.3 / Impact: 2.7

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information. Cisco Bug IDs: CSCvi87330.

Affected (28)

Products: Cisco: Sf300 08 Firmware, Sf302 08 Firmware, Sf302 08p Firmware, Sf302 08pp Firmware, Sf302 08mp Firmware, Sf302 08mpp Firmware, Sf300 24 Firmware, Sf300 24p Firmware, Sf300 24pp Firmware, Sf300 24mp Firmware, Sf300 48 Firmware, Sf300 48p Firmware, Sf300 48pp Firmware, Sg300 10 Firmware, Sg300 10sfp Firmware, Sg300 10p Firmware, Sg300 10pp Firmware, Sg300 10mp Firmware, Sg300 10mpp Firmware, Sg300 20 Firmware, Sg300 28 Firmware, Sg300 28p Firmware, Sg300 28pp Firmware, Sg300 28mp Firmware, Sg300 52 Firmware, Sg300 52p Firmware, Sg300 52mp Firmware, Sg300 28sfp Firmware

28 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 08 Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf300 08	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08 Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf302 08	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08p Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf302 08p	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08pp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf302 08pp	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08mp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf302 08mp	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08mpp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf302 08mpp	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24 Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf300 24	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24p Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf300 24p	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24pp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf300 24pp	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24mp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf300 24mp	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48 Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf300 48	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48p Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf300 48p	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48pp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sf300 48pp	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10 Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 10	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10sfp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 10sfp	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10p Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 10p	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10pp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 10pp	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10mp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 10mp	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10mpp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 10mpp	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 20 Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 20	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28 Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 28	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28p Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 28p	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28pp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 28pp	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28mp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 28mp	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52 Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 52	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52p Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 52p	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52mp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 52mp	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28sfp Firmware	From 1.4.7 to 1.4.7.06

Running on/with	Platform Versions
Cisco Sg300 28sfp	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (4)

http://www.securityfocus.com/bid/104948

Source: psirt@cisco.com

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-rxss

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/104948

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180801-sb-rxss

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.