CVE-2015-4266

Published: Jul 16, 2015Modified: May 6, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The web interface in Cisco Identity Services Engine (ISE) 1.1(4.1), 1.3(106.146), and 1.3(120.135) does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCut04556.

Affected (3)

Products: Cisco: Identity Services Engine Software

Cisco

1 product

Identity Services Engine Software

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Cisco Identity Services Engine Software	Version 1.1(4.1)
Cisco Identity Services Engine Software	Version 1.3(106.146)
Cisco Identity Services Engine Software	Version 1.3(120.135)

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

http://tools.cisco.com/security/center/viewAlert.x?alertId=39871

Source: psirt@cisco.com

Vendor Advisory

http://www.securitytracker.com/id/1032930

Source: psirt@cisco.com

http://tools.cisco.com/security/center/viewAlert.x?alertId=39871

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1032930

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.