CVE-2013-6698
First published: Fri Nov 22 2013(Updated: )
The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Wireless LAN Controllers |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2013-6698?
CVE-2013-6698 is considered a moderate severity vulnerability.
How do I fix CVE-2013-6698?
To address CVE-2013-6698, ensure that you are running the latest firmware version for your Cisco Wireless LAN Controller.
What attacks can be executed due to CVE-2013-6698?
CVE-2013-6698 can enable remote attackers to conduct clickjacking attacks and potentially execute other unspecified attacks.
Which Cisco products are affected by CVE-2013-6698?
CVE-2013-6698 affects various models of Cisco Wireless LAN Controllers.
What causes the vulnerability in CVE-2013-6698?
The vulnerability in CVE-2013-6698 is caused by improper restriction involving IFRAME elements in the web interface of Cisco Wireless LAN Controllers.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/cisco
- canonical/cisco wireless lan controllers