var-201801-1459
Vulnerability from variot
SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. SonicWall SonicOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Dell SonicWall SonicOS NSA is prone to multiple HTML-Injection vulnerabilities . Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. All versions of Dell SonicWall SonicOS are vulnerable. SonicWall SonicOS is a system that runs on it. A remote attacker could exploit this vulnerability to bypass throttling mechanisms or filter protections
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201801-1459",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "sonicos",
"scope": "eq",
"trust": 1.0,
"vendor": "sonicwall",
"version": "*"
},
{
"model": "sonicwall sonicos",
"scope": null,
"trust": 0.8,
"vendor": "dell",
"version": null
},
{
"model": "sonicwall sonicos",
"scope": "eq",
"trust": 0.6,
"vendor": "dell",
"version": null
},
{
"model": "sonicwall sonicos",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "0"
},
{
"model": "sonicwall nsa",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "6600"
},
{
"model": "sonicwall nsa",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "5600"
},
{
"model": "sonicwall nsa",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "4600"
},
{
"model": "sonicwall nsa",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "3600"
},
{
"model": "sonicwall nsa",
"scope": "eq",
"trust": 0.3,
"vendor": "dell",
"version": "2600"
},
{
"model": "sonicwall nsa 250m",
"scope": null,
"trust": 0.3,
"vendor": "dell",
"version": null
}
],
"sources": [
{
"db": "BID",
"id": "102443"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"db": "NVD",
"id": "CVE-2018-5281"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:sonicwall:sonicos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
},
{
"cpe23Uri": "cpe:2.3:h:sonicwall:nsa_250m:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": false
}
],
"operator": "OR"
}
],
"cpe_match": [],
"operator": "AND"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5281"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Benjamin K.M.",
"sources": [
{
"db": "BID",
"id": "102443"
}
],
"trust": 0.3
},
"cve": "CVE-2018-5281",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "Single",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 3.5,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2018-5281",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Low",
"trust": 0.9,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.8,
"id": "VHN-135312",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"exploitabilityScore": 2.3,
"impactScore": 2.7,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.4,
"baseSeverity": "Medium",
"confidentialityImpact": "Low",
"exploitabilityScore": null,
"id": "CVE-2018-5281",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Changed",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2018-5281",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-288",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-135312",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2018-5281",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135312"
},
{
"db": "VULMON",
"id": "CVE-2018-5281"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"db": "NVD",
"id": "CVE-2018-5281"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. SonicWall SonicOS Contains a cross-site scripting vulnerability.Information may be obtained and information may be altered. Dell SonicWall SonicOS NSA is prone to multiple HTML-Injection vulnerabilities . \nSuccessful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. \nAll versions of Dell SonicWall SonicOS are vulnerable. SonicWall SonicOS is a system that runs on it. A remote attacker could exploit this vulnerability to bypass throttling mechanisms or filter protections",
"sources": [
{
"db": "NVD",
"id": "CVE-2018-5281"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"db": "BID",
"id": "102443"
},
{
"db": "VULHUB",
"id": "VHN-135312"
},
{
"db": "VULMON",
"id": "CVE-2018-5281"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2018-5281",
"trust": 2.9
},
{
"db": "BID",
"id": "102443",
"trust": 2.1
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-288",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-135312",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2018-5281",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135312"
},
{
"db": "VULMON",
"id": "CVE-2018-5281"
},
{
"db": "BID",
"id": "102443"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"db": "NVD",
"id": "CVE-2018-5281"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
]
},
"id": "VAR-201801-1459",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-135312"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T14:01:21.635000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "\u30c8\u30c3\u30d7\u30da\u30fc\u30b8",
"trust": 0.8,
"url": "https://www.sonicwall.com/ja-jp/home"
},
{
"title": "Dell SonicWall Network Security Appliance 2017 Q4 device SonicWall SonicOS Fixes for cross-site scripting vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=77594"
},
{
"title": "Debian CVElist Bug Report Logs: quagga: CVE-2018-5378 CVE-2018-5379 CVE-2018-5380 CVE-2018-5381",
"trust": 0.1,
"url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=4da9cc5babf3128084a3957af98f57a1"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2018-5281"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135312"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"db": "NVD",
"id": "CVE-2018-5281"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.9,
"url": "https://www.vulnerability-lab.com/get_content.php?id=1729"
},
{
"trust": 1.9,
"url": "http://www.securityfocus.com/bid/102443"
},
{
"trust": 1.8,
"url": "https://psirt.global.sonicwall.com/vuln-detail/snwlid-2018-0002"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-5281"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2018-5281"
},
{
"trust": 0.3,
"url": "https://www.sonicwall.com/en-us/home"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/79.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890563"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-135312"
},
{
"db": "VULMON",
"id": "CVE-2018-5281"
},
{
"db": "BID",
"id": "102443"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"db": "NVD",
"id": "CVE-2018-5281"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-135312"
},
{
"db": "VULMON",
"id": "CVE-2018-5281"
},
{
"db": "BID",
"id": "102443"
},
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"db": "NVD",
"id": "CVE-2018-5281"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-01-08T00:00:00",
"db": "VULHUB",
"id": "VHN-135312"
},
{
"date": "2018-01-08T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5281"
},
{
"date": "2018-01-08T00:00:00",
"db": "BID",
"id": "102443"
},
{
"date": "2018-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"date": "2018-01-08T09:29:00.277000",
"db": "NVD",
"id": "CVE-2018-5281"
},
{
"date": "2018-01-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-10-17T00:00:00",
"db": "VULHUB",
"id": "VHN-135312"
},
{
"date": "2018-10-17T00:00:00",
"db": "VULMON",
"id": "CVE-2018-5281"
},
{
"date": "2018-01-08T00:00:00",
"db": "BID",
"id": "102443"
},
{
"date": "2018-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2018-001386"
},
{
"date": "2022-06-16T16:18:39.807000",
"db": "NVD",
"id": "CVE-2018-5281"
},
{
"date": "2022-06-17T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "SonicWall SonicOS Vulnerable to cross-site scripting",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2018-001386"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-288"
}
],
"trust": 0.6
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.