ID
VAR-201511-0226
CVE
CVE-2015-6374
TITLE
Cisco Firepower 9000 Run on device Firepower Extensible Operating System Vulnerable to a clickjacking attack
Trust: 0.8
DESCRIPTION
The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604. The Cisco Firepower 9000 Series Switches are Cisco 9000 Series Switches. A clickjacking vulnerability exists in Cisco Firepower 9000 Series Switches. Allow remote attackers to exploit this vulnerability to compromise affected devices and obtain sensitive information. Other attacks are also possible. This issue being tracked by Cisco Bug ID CSCux10604
Trust: 2.52
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | cisco | model: | firepower extensible operating system | scope: | eq | version: | 1.1\(1.160\) | Trust: 1.6 |
| vendor: | cisco | model: | firepower extensible operating system | scope: | eq | version: | 1.1(1.160) | Trust: 0.8 |
| vendor: | cisco | model: | firepower extensible operating system on firepower devices | scope: | eq | version: | 1.1(1.160)9000 | Trust: 0.6 |
| vendor: | cisco | model: | firepower series | scope: | eq | version: | 90001.1(1.160) | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-20 | Trust: 1.9 |
THREAT TYPE
remote
Trust: 0.6
TYPE
input validation
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-20151117-firepower4 | url: | http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151117-firepower4 | Trust: 0.8 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2015-6374 | Trust: 3.4 |
| db: | BID | id: | 77631 | Trust: 1.6 |
| db: | JVNDB | id: | JVNDB-2015-005975 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-201511-314 | Trust: 0.7 |
| db: | CNVD | id: | CNVD-2015-07738 | Trust: 0.6 |
| db: | SEEBUG | id: | SSVID-89897 | Trust: 0.1 |
| db: | VULHUB | id: | VHN-84335 | Trust: 0.1 |
REFERENCES
| url: | http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20151117-firepower4 | Trust: 2.6 |
| url: | http://www.securityfocus.com/bid/77631 | Trust: 1.2 |
| url: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6374 | Trust: 0.8 |
| url: | http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6374 | Trust: 0.8 |
| url: | http://www.cisco.com | Trust: 0.3 |
CREDITS
Cisco
Trust: 0.9
SOURCES
| db: | CNVD | id: | CNVD-2015-07738 |
| db: | VULHUB | id: | VHN-84335 |
| db: | BID | id: | 77631 |
| db: | JVNDB | id: | JVNDB-2015-005975 |
| db: | CNNVD | id: | CNNVD-201511-314 |
| db: | NVD | id: | CVE-2015-6374 |
LAST UPDATE DATE
2024-11-23T23:12:37.409000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2015-07738 | date: | 2015-11-24T00:00:00 |
| db: | VULHUB | id: | VHN-84335 | date: | 2015-11-19T00:00:00 |
| db: | BID | id: | 77631 | date: | 2015-11-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005975 | date: | 2015-11-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-314 | date: | 2015-11-19T00:00:00 |
| db: | NVD | id: | CVE-2015-6374 | date: | 2024-11-21T02:34:52.840 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2015-07738 | date: | 2015-11-24T00:00:00 |
| db: | VULHUB | id: | VHN-84335 | date: | 2015-11-19T00:00:00 |
| db: | BID | id: | 77631 | date: | 2015-11-17T00:00:00 |
| db: | JVNDB | id: | JVNDB-2015-005975 | date: | 2015-11-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-201511-314 | date: | 2015-11-19T00:00:00 |
| db: | NVD | id: | CVE-2015-6374 | date: | 2015-11-19T02:59:06.317 |