A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2018-10-05T14:00:00Z
Updated: 2024-11-26T14:28:42.706Z
Reserved: 2018-08-17T00:00:00
Link: CVE-2018-15423
Vulnrichment
Updated: 2024-08-05T09:54:03.399Z
NVD
Status : Modified
Published: 2018-10-05T14:29:10.967
Modified: 2024-11-21T03:50:45.813
Link: CVE-2018-15423
Redhat
No data.