CVE Vulnerability

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

Scope

4.7 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References
Link Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-clickjacking Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:cisco:hyperflex_hx_data_platform:3.0(1a):*:*:*:*:*:*:*
cpe:2.3:a:cisco:hyperflex_hx_data_platform:2.6(1d):*:*:*:*:*:*:*
Information

Published : 2018-10-05 02:29

Updated : 2020-09-16 01:25

NVD link : CVE-2018-15423

Mitre link : CVE-2018-15423

Products Affected
No products.
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames