CVE-2019-1792

Опубликовано: 18 апр. 2019

Источник: nvd

CVSS3: 6.1

CVSS2: 4.3

EPSS Низкий

Описание

A vulnerability in the URL block page of Cisco Umbrella could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user in a network protected by Umbrella. The vulnerability is due to insufficient validation of input parameters passed to that page. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. This vulnerability has been fixed in the current version of Cisco Umbrella. Cisco Umbrella is a cloud service.

Ссылки

http://www.securityfocus.com/bid/108014
Broken Link
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-umbrella-xss
Vendor Advisory
http://www.securityfocus.com/bid/108014
Broken Link
Third Party Advisory
VDB Entry
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190417-umbrella-xss
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cisco:umbrella:*:*:*:*:*:*:*:*

EPSS

Процентиль: 34%

0.00136

Низкий

6.1 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

GHSA-2ph5-82ch-xwq8

CVSS3: 6.1

github

больше 3 лет назад

BDU:2019-01686

CVSS3: 6.1

fstec

почти 7 лет назад

Уязвимость облачного сервиса безопасности Cisco Umbrella, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю выполнить произвольный код в браузере пользователя или получить доступ к конфиденциальной информации

EPSS

Процентиль: 34%

0.00136

Низкий

6.1 Medium

CVSS3

6.1 Medium

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-79