CVE-2013-6698 : The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, whic

The web interface on Cisco Wireless LAN Controller (WLC) devices does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCuf77821.

Published 2013-11-22 19:55:10

Updated 2013-11-25 15:03:38

Source Cisco Systems, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-6698

Probability of exploitation activity in the next 30 days: 0.15%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 51 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-6698

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2013-6698

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6698

http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6698

Cisco Wireless LAN Controller Cross-Frame Scripting Vulnerability
Vendor Advisory

Products affected by CVE-2013-6698

Cisco » Wireless Lan Controller
cpe:2.3:h:cisco:wireless_lan_controller:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2013-6698

Exploit prediction scoring system (EPSS) score for CVE-2013-6698

CVSS scores for CVE-2013-6698

CWE ids for CVE-2013-6698

References for CVE-2013-6698

Products affected by CVE-2013-6698