CVE-2015-4266

Name of the Vulnerable Software and Affected Versions Cisco Identity Services Engine versions 1.1(4.1), 1.3(106.146), and 1.3(120.135)

Description The issue is related to the web interface in Cisco Identity Services Engine, which does not properly restrict the use of IFRAME elements. This makes it easier for remote attackers to conduct clickjacking attacks and other unspecified attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue.

Recommendations For version 1.1(4.1), update to a fixed version to resolve the issue. For version 1.3(106.146), update to a fixed version to resolve the issue. For version 1.3(120.135), update to a fixed version to resolve the issue. As a temporary workaround, consider restricting the use of IFRAME elements in the web interface until a patch is available.