Published: 12/02/2015 Updated: 29/08/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The web interface in Cisco Prime Infrastructure 2.1 and previous versions does not properly restrict use of IFRAME elements, which makes it easier for remote malicious users to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco prime infrastructure

A vulnerability in the web interface of the Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack This vulnerability is due to insufficient HTML iframe protection An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a ...

CWE-20 http://tools.cisco.com/security/center/viewAlert.x?alertId=37419 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2014-2147 http://www.securityfocus.com/bid/72551 http://www.securitytracker.com/id/1031715 https://exchange.xforce.ibmcloud.com/vulnerabilities/100755 https://nvd.nist.gov http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150211-CVE-2014-2147

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2014-2147

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect