Reflected XSS Vulnerability in Cisco Unified Communications Manager Management Interface
CVE-2018-0411

6.1 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 1 August 2018

Summary

A reflected cross-site scripting vulnerability exists in the web management interface of Cisco Unified Communications Manager. The flaw allows an unauthenticated, remote attacker to execute arbitrary script code in the context of a user’s session. It arises from inadequate validation of user input: an attacker can craft a malicious link that leads an unsuspecting user to compromise their session and potentially expose sensitive information in their browser. The vulnerability is tracked as Cisco Bug ID CSCvk15343 and poses significant risks, especially in environments where users frequently interact with the management interface.

Affected Version(s)

Cisco Unified Communications Manager: unknown

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
