How severe is CVE-2018-15423?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.7 out of 10.

What type of vulnerability is CVE-2018-15423?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2018-15423 - MEDIUM Severity | CVSS 4.7

Vulnerability Description

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.

Related Vulnerabilities

CVE-2021-1616

MEDIUM

CVSS:4.7(Medium)

A vulnerability in the H.323 application level gateway (ALG) used by the Network Address Translation (NAT) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to bypass th...

CWE-6932021

CVE-2023-29354

MEDIUM

CVSS:4.7(Medium)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932023

CVE-2024-26163

MEDIUM

CVSS:4.7(Medium)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932024

CVE-2024-30052

MEDIUM

CVSS:4.7(Medium)

Visual Studio Remote Code Execution Vulnerability

CWE-6932024

CVE-2024-39599

MEDIUM

CVSS:4.7(Medium)

Due to a Protection Mechanism Failure in SAP NetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass the configured malware scanner API because of a programming error. This lea...

CWE-6932024

CVE-2024-5691

MEDIUM

CVSS:4.7(Medium)

By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability...

CWE-6932024