Clickjacking Vulnerability in Cisco Firepower OS on Firepower 9000 Devices
CVE-2015-6374

Currently unrated

Key Information:

Vendor: Cisco
CVE Published: 19 November 2015

Summary

The web interface of Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict IFRAME elements. This makes it susceptible to clickjacking: a remote attacker can use a deceptive web page to manipulate a user's interactions with the interface. The vulnerability could also facilitate other unspecified attacks when users are misled into clicking on malicious content.
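
An added example, not taken from the advisory or from Cisco: a response-header audit that reports whether a page carries the standard browser-enforced framing restrictions (X-Frame-Options, CSP frame-ancestors), the kind of IFRAME restriction whose absence this entry describes. The advisory does not say how the issue was fixed; the function names and sample responses are constructed for illustration.

```python
"""Audit a response's headers for browser-enforced framing restrictions."""

PERMISSIVE_SOURCES = {"*", "http:", "https:"}  # these let arbitrary sites frame the page


def frame_ancestors_policies(headers):
    """Yield the source list of each CSP policy that has a frame-ancestors directive."""
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue
        for policy in value.split(","):          # one header may carry several policies
            for directive in policy.split(";"):
                tokens = directive.split()
                if tokens and tokens[0].lower() == "frame-ancestors":
                    yield [t.lower() for t in tokens[1:]]
                    break                         # first occurrence wins within a policy


def framing_verdict(headers):
    """headers: list of (name, value) pairs. Returns (protected, reason)."""
    policies = list(frame_ancestors_policies(headers))
    if policies:
        # When an enforced frame-ancestors is present, browsers ignore X-Frame-Options.
        for sources in policies:
            if not PERMISSIVE_SOURCES.intersection(sources):
                return True, "CSP frame-ancestors " + (" ".join(sources) or "'none'")
        return False, "CSP frame-ancestors allows any origin"
    xfo = {tok.strip().upper() for name, value in headers
           if name.lower() == "x-frame-options" for tok in value.split(",")}
    if xfo & {"DENY", "SAMEORIGIN"}:
        return True, "X-Frame-Options " + "/".join(sorted(xfo))
    if xfo:  # e.g. the obsolete ALLOW-FROM, which current browsers do not honour
        return False, "X-Frame-Options value not honoured: " + "/".join(sorted(xfo))
    return False, "no framing restriction in response"


# Constructed sample responses (not captured from any device).
SAMPLES = {
    "bare": [("Content-Type", "text/html")],
    "xfo": [("X-Frame-Options", "sameorigin")],
    "obsolete": [("X-Frame-Options", "ALLOW-FROM https://mgmt.example")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'")],
    "csp_wild": [("Content-Security-Policy", "frame-ancestors *"), ("X-Frame-Options", "DENY")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_verdict(hdrs))
```

The `csp_wild` case is the one to watch in reviews: a permissive `frame-ancestors` overrides an otherwise correct `X-Frame-Options: DENY`.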

Timeline

  • Vulnerability published

  • Vulnerability Reserved
