PT-2015-3042 · Cisco · Cisco Firepower Extensible Operating System

Published: 2015-11-19 · Updated: 2015-11-19 · CVE-2015-6374

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Cisco Firepower Extensible Operating System version 1.1(1.160)

Description

The web interface in Cisco Firepower Extensible Operating System does not properly restrict the use of IFRAME elements. This makes it easier for remote attackers to conduct clickjacking attacks and other unspecified attacks via a crafted web site. Because IFRAME use is not restricted, a remote attacker can use a specially crafted web site to place malicious elements on a page and force the user to activate them.

Recommendations

For Cisco Firepower Extensible Operating System version 1.1(1.160), consider restricting access to the web interface until a patch is available. As a temporary workaround, avoid using the web interface for sensitive operations to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE


Weakness Enumeration

Related Identifiers

BDU:2016-00247
CVE-2015-6374

Affected Products

Cisco Firepower Extensible Operating System