Published: 03/02/2015 Updated: 08/09/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote malicious users to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cisco unified computing system -

A vulnerability in the web interface of the Cisco Integrated Management Controller of the Cisco Unified Computing System C-Series Rack Servers could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack The vulnerability is due to insufficient HTML iframe protection An attacker could exploit this vulnerability ...

An easy to grep dump of the NVD database showing only; CVE-ID, CVSS Risk Score, and Summary.

cve-offline An easy to grep dump of the NVD database showing only; CVE-ID, CVSS Risk Score, and Summary Installation Given size limits of GitHub I have had to drop the raw content from NIST which has multiple files that are over 100MBs in size Therefore you can clone the entire repo using the command below: git clone githubcom/cornerpirate/cve-offlinegit Realistical

CWE-254 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0599 http://tools.cisco.com/security/center/viewAlert.x?alertId=37324 http://secunia.com/advisories/62762 http://www.securityfocus.com/bid/72509 https://exchange.xforce.ibmcloud.com/vulnerabilities/100614 https://nvd.nist.gov https://github.com/cornerpirate/cve-offline http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/Cisco-SA-20150203-CVE-2015-0599

CVE-2015-0599

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect