VAR-201502-0133
Vulnerability from variot - Updated: 2023-12-18 13:29The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf50138. Vendors have confirmed this vulnerability Bug ID CSCuf50138 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlSkillfully crafted by a third party Web Through the site, clickjacking attacks can be performed and other unspecified effects can be received. Cisco Unified Computing System C-Series Rack Servers is prone to a cross-frame scripting vulnerability. Successful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible. Cisco Integrated Management Controller (IMC) is a set of management tools used for it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The vulnerability is caused by the program not properly restricting the use of IFRAME elements
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201502-0133",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "unified computing system 1.4",
"scope": null,
"trust": 3.9,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 1.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 1.3",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 1.2",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 1.4 1",
"scope": null,
"trust": 1.5,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": null,
"trust": 0.8,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system software",
"scope": "lte",
"trust": 0.8,
"vendor": "cisco",
"version": "1.5(1f)"
},
{
"model": "unified computing system 1.5",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system 1.4 2",
"scope": null,
"trust": 0.6,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.3"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.2"
},
{
"model": "unified computing system 1.1",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.1"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.5"
},
{
"model": "unified computing system 1.4 5",
"scope": null,
"trust": 0.3,
"vendor": "cisco",
"version": null
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4(2)"
},
{
"model": "unified computing system",
"scope": "eq",
"trust": 0.3,
"vendor": "cisco",
"version": "1.4"
}
],
"sources": [
{
"db": "BID",
"id": "72509"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:h:cisco:unified_computing_system:-:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The vendor reported this issue.",
"sources": [
{
"db": "BID",
"id": "72509"
}
],
"trust": 0.3
},
"cve": "CVE-2015-0599",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Medium",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2015-0599",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-78545",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2015-0599",
"trust": 1.8,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-201502-068",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-78545",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The web interface in Cisco Integrated Management Controller in Cisco Unified Computing System (UCS) on C-Series Rack Servers does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a \"cross-frame scripting (XFS)\" issue, aka Bug ID CSCuf50138. Vendors have confirmed this vulnerability Bug ID CSCuf50138 It is released as. Supplementary information : CWE Vulnerability type by CWE-254: Security Features ( Security function ) Has been identified. http://cwe.mitre.org/data/definitions/254.htmlSkillfully crafted by a third party Web Through the site, clickjacking attacks can be performed and other unspecified effects can be received. Cisco Unified Computing System C-Series Rack Servers is prone to a cross-frame scripting vulnerability. \nSuccessful exploits will allow attackers to bypass the same-origin policy and perform unauthorized actions; other attacks are possible. Cisco Integrated Management Controller (IMC) is a set of management tools used for it, which supports HTTP, SSH access, etc., and can perform operations such as starting, shutting down and restarting the server. The vulnerability is caused by the program not properly restricting the use of IFRAME elements",
"sources": [
{
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "BID",
"id": "72509"
},
{
"db": "VULHUB",
"id": "VHN-78545"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2015-0599",
"trust": 2.8
},
{
"db": "BID",
"id": "72509",
"trust": 1.4
},
{
"db": "SECUNIA",
"id": "62762",
"trust": 1.1
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-78545",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "BID",
"id": "72509"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
]
},
"id": "VAR-201502-0133",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:29:38.458000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Cisco UCS C-Series Rack Servers Integrated Management Controller Cross-Frame Scripting Vulnerability",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0599"
},
{
"title": "37324",
"trust": 0.8,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37324"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-254",
"trust": 1.1
},
{
"problemtype": "CWE-Other",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.0,
"url": "http://tools.cisco.com/security/center/content/ciscosecuritynotice/cve-2015-0599"
},
{
"trust": 1.4,
"url": "http://tools.cisco.com/security/center/viewalert.x?alertid=37324"
},
{
"trust": 1.1,
"url": "http://www.securityfocus.com/bid/72509"
},
{
"trust": 1.1,
"url": "http://secunia.com/advisories/62762"
},
{
"trust": 1.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100614"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-0599"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-0599"
},
{
"trust": 0.3,
"url": "http://www.cisco.com/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "BID",
"id": "72509"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-78545"
},
{
"db": "BID",
"id": "72509"
},
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2015-02-03T00:00:00",
"db": "VULHUB",
"id": "VHN-78545"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72509"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"date": "2015-02-03T22:59:02.317000",
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2017-09-08T00:00:00",
"db": "VULHUB",
"id": "VHN-78545"
},
{
"date": "2015-02-03T00:00:00",
"db": "BID",
"id": "72509"
},
{
"date": "2015-02-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2015-001444"
},
{
"date": "2017-09-08T01:29:45.747000",
"db": "NVD",
"id": "CVE-2015-0599"
},
{
"date": "2015-02-04T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201502-068"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "C-Series Rack Servers Run on Cisco Unified Computing System Vulnerable to a clickjacking attack",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2015-001444"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Origin Validation Error",
"sources": [
{
"db": "BID",
"id": "72509"
}
],
"trust": 0.3
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…