{"containers": {"cna": {"affected": [{"product": "Cisco Unified Communications Manager unknown", "vendor": "n/a", "versions": [{"status": "affected", "version": "Cisco Unified Communications Manager unknown"}]}], "datePublic": "2018-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2018-06-14T09:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "104425", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/104425"}, {"name": "1041068", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1041068"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "ID": "CVE-2018-0355", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco Unified Communications Manager unknown", "version": {"version_data": [{"version_value": "Cisco Unified Communications Manager unknown"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20"}]}]}, "references": {"reference_data": [{"name": "104425", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104425"}, {"name": "1041068", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041068"}, {"name": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs", "refsource": "CONFIRM", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T03:21:15.458Z"}, "title": "CVE Program Container", "references": [{"name": "104425", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/104425"}, {"name": "1041068", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1041068"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs"}]}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2018-0355", "datePublished": "2018-06-07T21:00:00", "dateReserved": "2017-11-27T00:00:00", "dateUpdated": "2024-08-05T03:21:15.458Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:cisco:unified_communications_manager:10.5\\(2.10000.5\\):*:*:*:*:*:*:*", "matchCriteriaId": "520555C7-5E9B-4C76-AAB5-5DD8B29D18F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.0\\(1.10000.10\\):*:*:*:*:*:*:*", "matchCriteriaId": "F47282B9-8B76-40E0-B72C-A6A196A37A0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:11.5\\(1.10000.6\\):*:*:*:*:*:*:*", "matchCriteriaId": "21BFC3A9-B6B1-49EE-A93A-6432BFE33E84", "vulnerable": true}, {"criteria": "cpe:2.3:a:cisco:unified_communications_manager:12.0\\(1.10000.10\\):*:*:*:*:*:*:*", "matchCriteriaId": "1BA185BB-D78F-4F4E-B248-9AF550F0C4E0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the web UI of Cisco Unified Communications Manager (Unified CM) could allow an unauthenticated, remote attacker to conduct a cross-frame scripting (XFS) attack against the user of the web UI of an affected system. The vulnerability is due to insufficient protections for HTML inline frames (iframes) by the web UI of the affected software. An attacker could exploit this vulnerability by persuading a user of the affected UI to navigate to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct click-jacking or other client-side browser attacks on the affected system. Cisco Bug IDs: CSCvg19761."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz web de Cisco Unified Communications Manager (Unified CM) podr\u00eda permitir que un atacante remoto sin autenticar lleve a cabo un ataque de Cross-Frame Scripting (XFS) reflejado contra un usuario de dicha interfaz en el sistema afectado. Esta vulnerabilidad se debe a las protecciones insuficientes de frames inline HTML (iframes) de la interfaz web del software afectado. Un atacante podr\u00eda explotar esta vulnerabilidad persuadiendo a un usuario de la interfaz afectada para que visite una p\u00e1gina web controlada por el atacante que contenga un iframe de HTML malicioso. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante lleve a cabo el secuestro de clics u otros ataques de navegador del lado del cliente en el sistema afectado. Cisco Bug IDs: CSCvg19761."}], "id": "CVE-2018-0355", "lastModified": "2020-09-04T15:56:47.970", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-06-07T21:29:00.837", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/104425"}, {"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1041068"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180606-cucm-xfs"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-1021"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-20"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}