Details of VAR-201601-0493

ID

VAR-201601-0493

CVE

CVE-2015-6434

TITLE

Cisco Prime Infrastructure Vulnerable to a clickjacking attack

Trust: 0.8

sources: JVNDB: JVNDB-2015-006693

DESCRIPTION

Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856. Cisco Prime Infrastructure is prone to a frame-injection vulnerability. An attacker can exploit this issue to conduct phishing attacks. Successful exploits will allow the attacker to gain unauthorized access or obtain sensitive information. This issue is being tracked by Cisco Bug ID CSCux64856

Trust: 1.98

sources: NVD: CVE-2015-6434 // JVNDB: JVNDB-2015-006693 // BID: 79838 // VULHUB: VHN-84395

AFFECTED PRODUCTS

vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.2\(2\)	Trust: 1.6
vendor:	cisco	model:	prime infrastructure	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.3	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.2	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.1.0	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	2.0	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.2	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.1	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.0.45	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4.0	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.4	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2.1	Trust: 0.3
vendor:	cisco	model:	prime infrastructure	scope:	eq	version:	1.2.0.103	Trust: 0.3

sources: BID: 79838 // JVNDB: JVNDB-2015-006693 // CNNVD: CNNVD-201601-123 // NVD: CVE-2015-6434

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-6434
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-6434
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201601-123
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-84395
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-6434
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-84395
severity:	MEDIUM
baseScore:	4.3
vectorString:	AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	8.6
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-6434
baseSeverity:	MEDIUM
baseScore:	6.1
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	2.8
impactScore:	2.7
version:	3.0
Trust: 1.0

sources: VULHUB: VHN-84395 // JVNDB: JVNDB-2015-006693 // CNNVD: CNNVD-201601-123 // NVD: CVE-2015-6434

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-84395 // JVNDB: JVNDB-2015-006693 // NVD: CVE-2015-6434

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201601-123

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201601-123

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-006693

PATCH

title:

cisco-sa-20160105-pi

url:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160105-pi

Trust: 0.8

sources: JVNDB: JVNDB-2015-006693

EXTERNAL IDS

db:	NVD	id:	CVE-2015-6434	Trust: 2.8
db:	SECTRACK	id:	1034582	Trust: 1.1
db:	JVNDB	id:	JVNDB-2015-006693	Trust: 0.8
db:	CNNVD	id:	CNNVD-201601-123	Trust: 0.7
db:	BID	id:	79838	Trust: 0.4
db:	VULHUB	id:	VHN-84395	Trust: 0.1

sources: VULHUB: VHN-84395 // BID: 79838 // JVNDB: JVNDB-2015-006693 // CNNVD: CNNVD-201601-123 // NVD: CVE-2015-6434

REFERENCES

url:	http://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20160105-pi	Trust: 2.0
url:	http://www.securitytracker.com/id/1034582	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-6434	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-6434	Trust: 0.8
url:	http://www.cisco.com/c/en/us/products/cloud-systems-management/prime-infrastructure/index.html	Trust: 0.3

sources: VULHUB: VHN-84395 // BID: 79838 // JVNDB: JVNDB-2015-006693 // CNNVD: CNNVD-201601-123 // NVD: CVE-2015-6434

CREDITS

Cisco

Trust: 0.3

sources: BID: 79838

SOURCES

db:	VULHUB	id:	VHN-84395
db:	BID	id:	79838
db:	JVNDB	id:	JVNDB-2015-006693
db:	CNNVD	id:	CNNVD-201601-123
db:	NVD	id:	CVE-2015-6434

LAST UPDATE DATE

2024-11-23T22:59:30.278000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-84395	date:	2016-12-07T00:00:00
db:	BID	id:	79838	date:	2016-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-006693	date:	2016-01-12T00:00:00
db:	CNNVD	id:	CNNVD-201601-123	date:	2016-01-08T00:00:00
db:	NVD	id:	CVE-2015-6434	date:	2024-11-21T02:34:59.397

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-84395	date:	2016-01-08T00:00:00
db:	BID	id:	79838	date:	2016-01-05T00:00:00
db:	JVNDB	id:	JVNDB-2015-006693	date:	2016-01-12T00:00:00
db:	CNNVD	id:	CNNVD-201601-123	date:	2016-01-08T00:00:00
db:	NVD	id:	CVE-2015-6434	date:	2016-01-08T02:59:01.357