8.8
CVSSv3

CVE-2019-1857

Published: 03/05/2019 Updated: 06/05/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote malicious user to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the malicious user to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco hx220c m5 firmware 3.0(1a)

cisco hx240c m5 firmware 3.0(1a)

cisco hx240c large form factor firmware 3.0(1a)

cisco hx220c all nvme m5 firmware 3.0(1a)

cisco hx220c af m5 firmware 3.0(1a)

cisco hx240c af m5 firmware 3.0(1a)

cisco hx220c edge m5 firmware 3.0(1a)

cisco ucs b200 m5 firmware 3.0(1a)

cisco ucs b480 m5 firmware 3.0(1a)

cisco ucs c480 m5 firmware 3.0(1a)

cisco ucs c125 m5 firmware 3.0(1a)

cisco ucs c220 m5 firmware 3.0(1a)

cisco ucs c240 m5 firmware 3.0(1a)

cisco ucs c480 ml firmware 3.0(1a)

Vendor Advisories

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affecte ...