Vulnerability Description
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
CVSS Score
5.4
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sonicwall | Sonicos | All versions |
| Sonicwall | Nsa 250M | - |
| Sonicwall | Nsa 2600 | - |
| Sonicwall | Nsa 2650 | - |
| Sonicwall | Nsa 3600 | - |
| Sonicwall | Nsa 4600 | - |
| Sonicwall | Nsa 5600 | - |
| Sonicwall | Nsa 6600 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/102443Third Party AdvisoryVDB Entry
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0002Vendor Advisory
- https://www.vulnerability-lab.com/get_content.php?id=1729ExploitThird Party Advisory
- http://www.securityfocus.com/bid/102443Third Party AdvisoryVDB Entry
- https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0002Vendor Advisory
- https://www.vulnerability-lab.com/get_content.php?id=1729ExploitThird Party Advisory
FAQ
What is CVE-2018-5281?
CVE-2018-5281 is a vulnerability with a CVSS score of 5.4 (MEDIUM). SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens.
How severe is CVE-2018-5281?
CVE-2018-5281 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-5281?
Check the references section above for vendor advisories and patch information. Affected products include: Sonicwall Sonicos, Sonicwall Nsa 250M, Sonicwall Nsa 2600, Sonicwall Nsa 2650, Sonicwall Nsa 3600.