Miembros de
Boletines de Vulnerabilidades |
Cisco Firepower 9000 Series Switch Clickjacking Vulnerability |
|
Información sobre el sistema |
|
| Software afectado | Cisco |
Descripción |
|
|
A vulnerability in the web interface of the Cisco Firepower 9000 Series Switch could allow an unauthenticated, remote attacker to affect the integrity of the device though a clickjacking or phishing attack.The vulnerability is due to the lack of proper input sanitization of iFrame data in the HTTP requests sent to the device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. An exploit could allow the attacker to perform a clickjacking or More info: http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower4?vs_f=Cisco%20Security%20Advisory&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Cisco%20Firepower%209000%20Series%20Switch%20Clickjacking%20Vulnerabili |
|
Identificadores estándar |
|
| Propiedad | Valor |
| CVE | CVE-2015-6374. |
Histórico de versiones |
||
| Versión | Comentario | Fecha |
| 1.0 | Advisory issued | 2015-11-18 |