CVE-2015-0599

Severity

43%

Complexity

86%

Confidentiality

48%

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138.

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 10 years ago

2015-02-03 22:59:00

Last updated 7 years ago

2017-09-08 01:29:00

Affected Software

Cisco Unified Computing System

References

62762

20150202 Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability

Vendor Advisory

http://tools.cisco.com/security/center/viewAlert.x?alertId=37324

Vendor Advisory

72509

cisco-ucs-cve20150599-xfs(100614)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.