CVE-2018-15423

Published Oct 5, 2018

Last updated 4 years ago

Overview

Description
A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.
Source
ykramarz@cisco.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
4.7
Impact score
1.4
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N
Severity
MEDIUM

CVSS 2.0

Type
Primary
Base score
4.3
Impact score
2.9
Exploitability score
8.6
Vector string
AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov
CWE-1021
ykramarz@cisco.com
CWE-693

Social media

Hype score
Not currently trending

Configurations