CVE-2016-1474

Published on: 08/07/2016 12:00:00 AM UTC

Last Modified on: 03/23/2021 11:27:04 PM UTC

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Certain versions of Prime Infrastructure from Cisco contain the following vulnerability:

Cisco Prime Infrastructure 2.2(2) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuw65846, a different vulnerability than CVE-2015-6434.

  • CVE-2016-1474 has been assigned by [email protected] to track the vulnerability - currently rated as MEDIUM severity.

CVSS3 Score: 4.3 - MEDIUM

Attack
Vector
Attack
Complexity
Privileges
Required
User
Interaction
NETWORK LOW NONE REQUIRED
Scope Confidentiality
Impact
Integrity
Impact
Availability
Impact
UNCHANGED NONE LOW NONE

CVSS2 Score: 4.3 - MEDIUM

Access
Vector
Access
Complexity
Authentication
NETWORK MEDIUM NONE
Confidentiality
Impact
Integrity
Impact
Availability
Impact
NONE PARTIAL NONE

CVE References

Description Tags Link
Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability Vendor Advisory
tools.cisco.com
text/html
URL Logo CISCO 20160803 Cisco Prime Infrastructure Cross-Frame Scripting Vulnerability
Cisco Prime Infrastructure Cross-Frame Scripting Bug Lets Remote Users Conduct Clickjacking Attacks - SecurityTracker www.securitytracker.com
text/html
URL Logo SECTRACK 1036530
Cisco Prime Infrastructure CVE-2016-1474 Cross Frame Scripting Vulnerability cve.report (archive)
text/html
URL Logo BID 92278

Known Affected Configurations (CPE V2.3)

Type Vendor Product Version Update Edition Language
ApplicationCiscoPrime Infrastructure2.2\(2\)AllAllAll
ApplicationCiscoPrime Infrastructure2.2\(2\)AllAllAll
  • cpe:2.3:a:cisco:prime_infrastructure:2.2\(2\):*:*:*:*:*:*:*:
  • cpe:2.3:a:cisco:prime_infrastructure:2.2\(2\):*:*:*:*:*:*:*: