CVE-2018-15423

CWE-693CWE-1021Clickjacking4 documents4 sources
Severity
4.7MEDIUM
EPSS
0.1%
top 71.54%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Cisco Hyperflex Hx-seriesCisco Hyperflex HX Data Platform
Timeline
PublishedOct 5
Latest updateMay 13

Description

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tr

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/hyperflex_hx_data_platform2.6\(1d\), 3.0\(1a\)+1

🔴Vulnerability Details

2
GHSA
GHSA-9g5x-wr2w-vx7m: A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a cl2022-05-13
CVEList
Cisco HyperFlex UI Clickjacking Vulnerability2018-10-05

📋Vendor Advisories

1
Cisco
Cisco HyperFlex UI Clickjacking Vulnerability2018-10-03