CVE-2018-0408

Name of the Vulnerable Software and Affected Versions: Cisco Small Business 300 Series Managed Switches (affected versions not specified)

Description: The issue is related to insufficient validation of user-supplied input by the web-based management interface, allowing an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack. This could enable the attacker to execute arbitrary script code in the context of the interface or access sensitive browser-based information. The exploitation occurs when a user of the interface clicks a specially crafted link.

Recommendations: For Cisco Small Business 300 Series Managed Switches, consider disabling the web-based management interface until a patch is available. Restrict access to the management interface to minimize the risk of exploitation. Avoid using the interface to click on links from untrusted sources until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.