CVE-2018-0465

Published: Oct 5, 2018Modified: Nov 21, 2024

6.1

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability exists because the affected management interface performs insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive, browser-based information.

Affected (27)

Products: Cisco: Sf302 08pp Firmware, Sf302 08mpp Firmware, Sg300 10pp Firmware, Sg300 10mpp Firmware, Sf300 24pp Firmware, Sf300 48pp Firmware, Sg300 28pp Firmware, Sf300 08 Firmware, Sf300 48p Firmware, Sg300 10mp Firmware, Sg300 10p Firmware, Sg300 10 Firmware, Sg300 28p Firmware, Sf300 24p Firmware, Sf302 08mp Firmware, Sg300 28 Firmware, Sf300 48 Firmware, Sg300 20 Firmware, Sf302 08p Firmware, Sg300 52 Firmware, Sf300 24 Firmware, Sf302 08 Firmware, Sf300 24mp Firmware, Sg300 10sfp Firmware, Sg300 28mp Firmware, Sg300 52p Firmware, Sg300 52mp Firmware

27 products

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08pp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf302 08pp	All versions

Configuration B

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08mpp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf302 08mpp	All versions

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10pp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 10pp	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10mpp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 10mpp	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24pp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf300 24pp	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48pp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf300 48pp	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28pp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 28pp	All versions

Configuration H

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 08 Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf300 08	All versions

Configuration I

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48p Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf300 48p	All versions

Configuration J

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10mp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 10mp	All versions

Configuration K

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10p Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 10p	All versions

Configuration L

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10 Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 10	All versions

Configuration M

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28p Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 28p	All versions

Configuration N

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24p Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf300 24p	All versions

Configuration O

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08mp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf302 08mp	All versions

Configuration P

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28 Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 28	All versions

Configuration Q

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 48 Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf300 48	All versions

Configuration R

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 20 Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 20	All versions

Configuration S

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08p Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf302 08p	All versions

Configuration T

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52 Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 52	All versions

Configuration U

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24 Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf300 24	All versions

Configuration V

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf302 08 Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf302 08	All versions

Configuration W

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sf300 24mp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sf300 24mp	All versions

Configuration X

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 10sfp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 10sfp	All versions

Configuration Y

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 28mp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 28mp	All versions

Configuration Z

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52p Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 52p	All versions

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Cisco Sg300 52mp Firmware	Version 1.4.2.4

Running on/with	Platform Versions
Cisco Sg300 52mp	All versions

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-300-switch-xss

Source: psirt@cisco.com

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-300-switch-xss

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.