Vulnerability Description
A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected system. The vulnerability exists because the affected management interface performs insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or allow the attacker to access sensitive, browser-based information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | SF302-08PP Firmware | 1.4.2.4 |
| Cisco | SF302-08PP | - |
| Cisco | SF302-08MPP Firmware | 1.4.2.4 |
| Cisco | SF302-08MPP | - |
| Cisco | SG300-10PP Firmware | 1.4.2.4 |
| Cisco | SG300-10PP | - |
| Cisco | SG300-10MPP Firmware | 1.4.2.4 |
| Cisco | SG300-10MPP | - |
| Cisco | SF300-24PP Firmware | 1.4.2.4 |
| Cisco | SF300-24PP | - |
| Cisco | SF300-48PP Firmware | 1.4.2.4 |
| Cisco | SF300-48PP | - |
| Cisco | SG300-28PP Firmware | 1.4.2.4 |
| Cisco | SG300-28PP | - |
| Cisco | SF300-08 Firmware | 1.4.2.4 |
| Cisco | SF300-08 | - |
| Cisco | SF300-48P Firmware | 1.4.2.4 |
| Cisco | SF300-48P | - |
| Cisco | SG300-10MP Firmware | 1.4.2.4 |
| Cisco | SG300-10MP | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2 (Vendor Advisory)
FAQ
What is CVE-2018-0465?
CVE-2018-0465 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A vulnerability in the web-based management interface of Cisco Small Business 300 Series Managed Switches could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack...
How severe is CVE-2018-0465?
CVE-2018-0465 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-0465?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco SF302-08PP Firmware, Cisco SF302-08PP, Cisco SF302-08MPP Firmware, Cisco SF302-08MPP, Cisco SG300-10PP Firmware.