DOM-based Stored Cross-Site Scripting Vulnerability in Cisco Integrated Management Software
CVE-2018-0149

4.8MEDIUM

Key Information:

Vendor
Cisco
Status
Cisco Integrated Management Controller Supervisor And Cisco Ucs Director Unknown
Vendor
CVE Published:
7 June 2018

Summary

A security vulnerability exists in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software. This issue arises from inadequate validation of user input, making it possible for authenticated, remote attackers to perform DOM-based stored cross-site scripting (XSS) attacks. Exploiting this vulnerability requires persuading a user to click on a malicious link, which can lead to the execution of arbitrary script code within the context of the affected web interface, compromising the user's sensitive information. This provides attackers with an avenue to manipulate the affected system and potentially harvest confidential data.

Affected Version(s)

Cisco Integrated Management Controller Supervisor and Cisco UCS Director unknown Cisco Integrated Management Controller Supervisor and Cisco UCS Director unknown

References

https://tools.cisco.com/security/center/content/CiscoSecu...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/104444
vdb-entryx_refsource_BID
http://www.securitytracker.com/id/1041072
vdb-entryx_refsource_SECTRACK

CVSS V3.1

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.