CVE-2018-0465

Cisco Small Business 300 Series Managed Switches Cross-Site Scripting Vulnerability

Severity Score

6.1

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability exists because the affected management interface performs insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive, browser-based information.

Una vulnerabilidad en la interfaz de gestión web de Cisco Small Business 300 Series Managed Switches podría permitir que un atacante remoto no autenticado lleve a cabo un ataque de Cross-Site Scripting (XSS) reflejado contra un usuario de la interfaz de un sistema afectado. Esta vulnerabilidad existe porque la interfaz de gestión afectada realiza validaciones insuficientes de la entrada proporcionada por el usuario. Un atacante podría explotar esta vulnerabilidad haciendo que un usuario de la interfaz haga clic en un enlace malicioso. Su explotación con éxito podría permitir que el atacante ejecute código script arbitrario en el contexto de la interfaz afectada o que acceda a información sensible del navegador.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-11-27 CVE Reserved
2018-10-05 CVE Published
2024-08-12 EPSS Updated
2024-09-16 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (1)

URL	Tag	Source

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-300-switch-xss	2019-10-09

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Cisco Search vendor "Cisco"	Sf302-08pp Firmware Search vendor "Cisco" for product "Sf302-08pp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf302-08pp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf302-08pp Search vendor "Cisco" for product "Sf302-08pp"	-	-	Safe
Cisco Search vendor "Cisco"	Sf302-08mpp Firmware Search vendor "Cisco" for product "Sf302-08mpp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf302-08mpp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf302-08mpp Search vendor "Cisco" for product "Sf302-08mpp"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-10pp Firmware Search vendor "Cisco" for product "Sg300-10pp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-10pp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-10pp Search vendor "Cisco" for product "Sg300-10pp"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-10mpp Firmware Search vendor "Cisco" for product "Sg300-10mpp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-10mpp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-10mpp Search vendor "Cisco" for product "Sg300-10mpp"	-	-	Safe
Cisco Search vendor "Cisco"	Sf300-24pp Firmware Search vendor "Cisco" for product "Sf300-24pp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf300-24pp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf300-24pp Search vendor "Cisco" for product "Sf300-24pp"	-	-	Safe
Cisco Search vendor "Cisco"	Sf300-48pp Firmware Search vendor "Cisco" for product "Sf300-48pp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf300-48pp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf300-48pp Search vendor "Cisco" for product "Sf300-48pp"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-28pp Firmware Search vendor "Cisco" for product "Sg300-28pp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-28pp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-28pp Search vendor "Cisco" for product "Sg300-28pp"	-	-	Safe
Cisco Search vendor "Cisco"	Sf300-08 Firmware Search vendor "Cisco" for product "Sf300-08 Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf300-08 Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf300-08 Search vendor "Cisco" for product "Sf300-08"	-	-	Safe
Cisco Search vendor "Cisco"	Sf300-48p Firmware Search vendor "Cisco" for product "Sf300-48p Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf300-48p Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf300-48p Search vendor "Cisco" for product "Sf300-48p"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-10mp Firmware Search vendor "Cisco" for product "Sg300-10mp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-10mp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-10mp Search vendor "Cisco" for product "Sg300-10mp"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-10p Firmware Search vendor "Cisco" for product "Sg300-10p Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-10p Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-10p Search vendor "Cisco" for product "Sg300-10p"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-10 Firmware Search vendor "Cisco" for product "Sg300-10 Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-10 Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-10 Search vendor "Cisco" for product "Sg300-10"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-28p Firmware Search vendor "Cisco" for product "Sg300-28p Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-28p Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-28p Search vendor "Cisco" for product "Sg300-28p"	-	-	Safe
Cisco Search vendor "Cisco"	Sf300-24p Firmware Search vendor "Cisco" for product "Sf300-24p Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf300-24p Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf300-24p Search vendor "Cisco" for product "Sf300-24p"	-	-	Safe
Cisco Search vendor "Cisco"	Sf302-08mp Firmware Search vendor "Cisco" for product "Sf302-08mp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf302-08mp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf302-08mp Search vendor "Cisco" for product "Sf302-08mp"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-28 Firmware Search vendor "Cisco" for product "Sg300-28 Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-28 Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-28 Search vendor "Cisco" for product "Sg300-28"	-	-	Safe
Cisco Search vendor "Cisco"	Sf300-48 Firmware Search vendor "Cisco" for product "Sf300-48 Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf300-48 Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf300-48 Search vendor "Cisco" for product "Sf300-48"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-20 Firmware Search vendor "Cisco" for product "Sg300-20 Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-20 Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-20 Search vendor "Cisco" for product "Sg300-20"	-	-	Safe
Cisco Search vendor "Cisco"	Sf302-08p Firmware Search vendor "Cisco" for product "Sf302-08p Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf302-08p Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf302-08p Search vendor "Cisco" for product "Sf302-08p"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-52 Firmware Search vendor "Cisco" for product "Sg300-52 Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-52 Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-52 Search vendor "Cisco" for product "Sg300-52"	-	-	Safe
Cisco Search vendor "Cisco"	Sf300-24 Firmware Search vendor "Cisco" for product "Sf300-24 Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf300-24 Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf300-24 Search vendor "Cisco" for product "Sf300-24"	-	-	Safe
Cisco Search vendor "Cisco"	Sf302-08 Firmware Search vendor "Cisco" for product "Sf302-08 Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf302-08 Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf302-08 Search vendor "Cisco" for product "Sf302-08"	-	-	Safe
Cisco Search vendor "Cisco"	Sf300-24mp Firmware Search vendor "Cisco" for product "Sf300-24mp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sf300-24mp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sf300-24mp Search vendor "Cisco" for product "Sf300-24mp"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-10sfp Firmware Search vendor "Cisco" for product "Sg300-10sfp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-10sfp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-10sfp Search vendor "Cisco" for product "Sg300-10sfp"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-28mp Firmware Search vendor "Cisco" for product "Sg300-28mp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-28mp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-28mp Search vendor "Cisco" for product "Sg300-28mp"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-52p Firmware Search vendor "Cisco" for product "Sg300-52p Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-52p Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-52p Search vendor "Cisco" for product "Sg300-52p"	-	-	Safe
Cisco Search vendor "Cisco"	Sg300-52mp Firmware Search vendor "Cisco" for product "Sg300-52mp Firmware"	1.4.2.4 Search vendor "Cisco" for product "Sg300-52mp Firmware" and version "1.4.2.4"	-	Affected	in	Cisco Search vendor "Cisco"	Sg300-52mp Search vendor "Cisco" for product "Sg300-52mp"	-	-	Safe