漏洞类别:Cisco
漏洞等级: 
漏洞信息
The Cisco Unified Communications Manager (CUCM) may be vulnerable to data that can be displayed inside an iframe within a web page, which in turn could lead to a clickjacking attack.
The vulnerability is due to a lack of proper input sanitization of iframe data within the HTTP requests sent to the device.
漏洞危害
An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iframe data. An exploit could allow the attacker to perform a clickjacking or phishing attack where the user is tricked into clicking on a malicious link.
解决方案
Cisco has released fixes to resolve these vulnerabilities. Refer cisco-sa-20161012-ucm to obtain more information.
Patch:
Following are links for downloading patches to fix the vulnerabilities:
0day
文章评论