Skip to main content

Data Center Network Manager CVE-2018-0450

MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2018-10-05 psirt@cisco.com
6.1
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

1
CVE Published
Oct 05, 2018 - 14:29 nvd
MEDIUM 6.1

DescriptionNVD

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information.

AnalysisAI

A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. A vulnerability in the web-based management interface of Cisco Data Center Network Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the management interface on an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a customized link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. Affected products include: Cisco Data Center Network Manager.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.

CVE-2019-1620 CRITICAL POC
9.8 Jun 27

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthe

CVE-2019-1619 CRITICAL POC
9.8 Jun 27

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthe

CVE-2019-1622 MEDIUM POC
5.3 Jun 27

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthe

CVE-2019-1621 HIGH POC
7.5 Jun 27

A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an unauthe

CVE-2020-3382 CRITICAL
9.8 Jul 31

A vulnerability in the REST API of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attac

CVE-2020-3376 CRITICAL
9.8 Jul 31

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an unauthentic

CVE-2017-12343 HIGH
8.8 Nov 30

Multiple vulnerabilities in Cisco Data Center Network Manager (DCNM) Software could allow a remote attacker to inject ar

CVE-2021-1247 HIGH
8.8 Jan 20

Multiple vulnerabilities in certain REST API endpoints of Cisco Data Center Network Manager (DCNM) could allow an authen

CVE-2021-1272 HIGH
8.8 Jan 20

A vulnerability in the session validation feature of Cisco Data Center Network Manager (DCNM) could allow an unauthentic

CVE-2020-3386 HIGH
8.8 Jul 31

A vulnerability in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remot

CVE-2020-3383 HIGH
8.8 Jul 31

A vulnerability in the archive utility of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote

CVE-2020-3377 HIGH
8.8 Jul 31

A vulnerability in the Device Manager application of Cisco Data Center Network Manager (DCNM) could allow an authenticat

Share

CVE-2018-0450 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy