CVE-2015-6374: Input Validation
First published: Thu Nov 19 2015(Updated: )
The web interface in Cisco Firepower Extensible Operating System 1.1(1.160) on Firepower 9000 devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, aka Bug ID CSCux10604.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Firepower Extensible Operating System | =1.1\(1.160\) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2015-6374?
The severity of CVE-2015-6374 is classified as high due to its potential to allow clickjacking attacks.
How do I fix CVE-2015-6374?
To fix CVE-2015-6374, upgrade the Cisco Firepower Extensible Operating System to the latest version that addresses this vulnerability.
What devices are affected by CVE-2015-6374?
CVE-2015-6374 affects Cisco Firepower 9000 devices running Firepower Extensible Operating System version 1.1(1.160).
What type of attack can be executed due to CVE-2015-6374?
CVE-2015-6374 makes it easier for remote attackers to conduct clickjacking attacks through a crafted web site.
Is there a workaround for CVE-2015-6374?
There are currently no documented workarounds for CVE-2015-6374, and upgrading is the recommended mitigation.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- agent/source
- vendor/cisco
- canonical/cisco firepower extensible operating system
- version/cisco firepower extensible operating system/1.1\(1.160\)