CVE-2018-5280

Опубликовано: 08 янв. 2018

Источник: nvd

CVSS3: 5.4

CVSS2: 3.5

EPSS Низкий

Описание

SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens.

Ссылки

http://www.securityfocus.com/bid/102438
Third Party Advisory
VDB Entry
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0001
Vendor Advisory
https://www.vulnerability-lab.com/get_content.php?id=1725
Exploit
Third Party Advisory
http://www.securityfocus.com/bid/102438
Third Party Advisory
VDB Entry
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0001
Vendor Advisory
https://www.vulnerability-lab.com/get_content.php?id=1725
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:o:sonicwall:sonicos:6.2.7.0:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.2.9.0:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.0.0:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.1.0:*:*:*:*:*:*:*

cpe:2.3:o:sonicwall:sonicos:6.5.2.0:*:*:*:*:*:*:*

Одно из

cpe:2.3:h:sonicwall:nsa_250m:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:nsa_2600:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:nsa_2650:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:nsa_3600:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:nsa_4600:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:nsa_5600:-:*:*:*:*:*:*:*

cpe:2.3:h:sonicwall:nsa_6600:-:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00302

Низкий

5.4 Medium

CVSS3

3.5 Low

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-8x78-9962-6w9r