var-201502-0133
Vulnerability from variot
The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. Vendors have confirmed this vulnerability Bug ID CSCuf50138 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlSkillfully crafted by a third party Web Through the site, clickjacking attacks can be performed and other unspecified effects can be received. Cisco Unified Computing System C-Series Rack Servers is prone to a cross-frame scripting vulnerability. Successful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible. Cisco Integrated Management Controller (IMC) is a set of management tools used for it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The vulnerability is caused by the program not properly restricting the use of IFRAME elements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0133",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified computing system 1.4",
"scope": null,
"trust": 3.9,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 1.3",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 1.2",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 1.4 1",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "1.5(1f)"
},
{
"model": "unified computing system 1.5",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 1.4 2",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2"
},
{
"model": "unified computing system 1.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5"
},
{
"model": "unified computing system 1.4 5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4(2)"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4"
}
],
"sources": [
{
"db": "BID",
"id": "72509"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/h:cisco:unified_computing_system",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:cisco:unified_computing_system_software",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "72509"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2015-0599",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-78545",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2015-0599",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2015-0599",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-068",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78545",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCuf50138. Vendors have confirmed this vulnerability Bug ID CSCuf50138 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlSkillfully crafted by a third party Web Through the site, clickjacking attacks can be performed and other unspecified effects can be received. Cisco Unified Computing System C-Series Rack Servers is prone to a cross-frame scripting vulnerability. \nSuccessful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible. Cisco Integrated Management Controller (IMC) is a set of management tools used for it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The vulnerability is caused by the program not properly restricting the use of IFRAME elements",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "BID",
"id": "72509"
},
{
"db": "VULHUB",
"id": "VHN-78545"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0599",
"trust": 2.8
},
{
"db": "BID",
"id": "72509",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "62762",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-78545",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "BID",
"id": "72509"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"id": "VAR-201502-0133",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:01:53.152000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2015-0599"
},
{
"title": "37324",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=37324"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0599"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37324"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/72509"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62762"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100614"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0599"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0599"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "BID",
"id": "72509"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "BID",
"id": "72509"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-78545"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72509"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-068"
},
{
"date": "2015-02-03T22:59:02.317000",
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-78545"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72509"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-068"
},
{
"date": "2024-11-21T02:23:23.187000",
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "C-Series Rack Servers Run on Cisco Unified Computing System Vulnerable to a clickjacking attack",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Origin Validation Error",
"sources": [
{
"db": "BID",
"id": "72509"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.