CVE-2014-2147: Input Validation
First published: Thu Feb 12 2015(Updated: )
The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuj42444.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Prime Infrastructure | <=2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2147?
CVE-2014-2147 is rated as a medium severity vulnerability due to its potential for enabling clickjacking attacks.
How do I fix CVE-2014-2147?
To fix CVE-2014-2147, upgrade Cisco Prime Infrastructure to version 2.2 or later, which addresses the IFRAME restriction issue.
What kind of attacks can CVE-2014-2147 lead to?
CVE-2014-2147 can lead to clickjacking attacks and potentially permit unauthorized actions by tricking users into clicking on malicious content.
Which versions of Cisco Prime Infrastructure are affected by CVE-2014-2147?
CVE-2014-2147 affects Cisco Prime Infrastructure versions 2.1 and earlier.
Is there a workaround for CVE-2014-2147 until I can upgrade?
There are no official workarounds for CVE-2014-2147, so the recommended action is to upgrade to the latest version as soon as possible.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/severity
- agent/tags
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- vendor/cisco
- canonical/cisco prime infrastructure
- version/cisco prime infrastructure/2.1