CVE-2018-0400 - OpenCVE

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Cisco	Unified Contact Center Express Unified Ip Interactive Voice Response

Configuration 1 [-]

OR	cpe:2.3:a:cisco:unified_contact_center_express:11.5\(1\):::::::*
	cpe:2.3:a:cisco:unified_ip_interactive_voice_response:11.5\(1\):::::::*

References

Link	Resource
http://www.securitytracker.com/id/1041352	Third Party Advisory VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: cisco

Published: 2018-07-18T23:00:00

Updated: 2018-07-27T09:57:01

Reserved: 2017-11-27T00:00:00

Link: CVE-2018-0400

JSON object: View

NVD Information

Status : Modified

Published: 2018-07-18T23:29:01.400

Modified: 2019-10-09T23:31:58.803

Link: CVE-2018-0400

JSON object: View

Redhat Information

No data.

CWE

CWE-79

{"containers": {"cna": {"affected": [{"product": "Cisco Unified Contact Center Express unknown", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Unified Contact Center Express unknown"}]}], "datePublic": "2018-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-07-27T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx"}, {"name": "1041352", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041352"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0400", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Unified Contact Center Express unknown", "version": {"version_data": [{"version_value": "Cisco Unified Contact Center Express unknown"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79"}]}]}, "references": {"reference_data": [{"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx"}, {"name": "1041352", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041352"}]}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0400", "datePublished": "2018-07-18T23:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2018-07-27T09:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_contact_center_express:11.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "68236DFF-B60E-4209-B9B4-AC75D393A243", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_ip_interactive_voice_response:11.5\\(1\\):*:*:*:*:*:*:*", "matchCriteriaId": "FDB78FD4-9E48-4527-840C-AADBEBBD0558", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. Cisco Bug IDs: CSCvg70904."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades en la interfaz de gesti\u00f3n web de Cisco Unified Contact Center Express (Unified CCX) podr\u00edan permitir que un atacante remoto sin autenticar lleve a cabo ataques de Cross-Site Scripting (XSS) contra un usuario de la interfaz. Cisco Bug IDs: CSCvg70904."}], "id": "CVE-2018-0400", "lastModified": "2019-10-09T23:31:58.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-07-18T23:29:01.400", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041352"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180718-uccx"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-79"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}