Cisco IOS XE Web-based User Interface Parameter cross site scripting

Summaryinfo

A vulnerability identified as problematic has been detected in Cisco IOS XE. The affected element is an unknown function of the component Web-based User Interface. The manipulation as part of Parameter leads to cross site scripting. This vulnerability is uniquely identified as CVE-2018-0188. The attack is possible to be carried out remotely. No exploit exists.

Detailsinfo

A vulnerability was found in Cisco IOS XE (Router Operating System) (affected version not known) and classified as problematic. This issue affects some unknown functionality of the component Web-based User Interface. The manipulation as part of a Parameter leads to a cross site scripting vulnerability. Using CWE to declare the problem leads to CWE-79. The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Impacted is integrity. The summary by CVE is:

Multiple vulnerabilities in the web-based user interface (web UI) of Cisco IOS XE Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web UI of the affected software. The vulnerabilities are due to insufficient input validation of certain parameters that are passed to the affected software via the web UI. An attacker could exploit these vulnerabilities by persuading a user of the affected UI to access a malicious link or by intercepting a user request for the affected UI and injecting malicious code into the request. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected UI or allow the attacker to access sensitive browser-based information on the user's system. Cisco Bug IDs: CSCuz38591, CSCvb09530, CSCvb10022.

The bug was discovered 03/28/2018. The weakness was disclosed 03/28/2018 with Cisco as cisco-sa-20180328-webuixss as confirmed advisory (Website). It is possible to read the advisory at tools.cisco.com. The identification of this vulnerability is CVE-2018-0188 since 11/27/2017. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. The technical details are unknown and an exploit is not publicly available. The pricing for an exploit might be around USD $5k-$25k at the moment (estimation calculated on 02/06/2021). The attack technique deployed by this issue is T1059.007 according to MITRE ATT&CK.

The commercial vulnerability scanner Qualys is able to test this issue with plugin 316224 (Cisco IOS XE Software Web UI Cross-Site Scripting Vulnerabilities(cisco-sa-20180328-webuixss)).

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at SecurityFocus (BID 103551†). The entries VDB-115186 and VDB-115189 are pretty similar. Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Productinfo

Type

• Router Operating System

Vendor

• Cisco

Name

• IOS XE

License

• commercial

Website

• Vendor: https://www.cisco.com/

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Discussion