CVE-2018-0402 — Cross-site Scripting in Cisco Unified Contact Center Express

CWE-79 — Cross-site Scripting CWE-352 — Cross-Site Request Forgery CWE-194 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 59.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Unified Contact Center Express Cisco Unified IP Interactive Voice Response

Timeline

PublishedJul 18

Latest updateMay 13

Description

Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack. Cisco Bug IDs: CSCvg70921.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶NVDcisco/unified_contact_center_express11.5\(1\)

▶NVDcisco/unified_ip_interactive_voice_response11.5\(1\)

🔴Vulnerability Details

GHSA

GHSA-87mw-pv6w-273m: Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, r↗2022-05-13

▶

CVEList

CVE-2018-0402: Multiple vulnerabilities in the web-based management interface of Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, r↗2018-07-18

▶

📋Vendor Advisories

Cisco

Multiple Vulnerabilities in Cisco Unified Contact Center Express↗2018-07-18

▶