First published: Fri May 03 2019(Updated: )
A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Hx220c M5 Firmware | =3.0\(1a\) | |
Cisco Hx220c M5 | ||
Cisco Hx240c M5 Firmware | =3.0\(1a\) | |
Cisco Hx240c M5 | ||
Cisco Hx240c Large Form Factor Firmware | =3.0\(1a\) | |
Cisco Hx240c Large Form Factor | ||
Cisco Hx220c All Nvme M5 Firmware | =3.0\(1a\) | |
Cisco Hx220c All Nvme M5 | ||
Cisco Hx220c Af M5 Firmware | =3.0\(1a\) | |
Cisco Hx220c Af M5 | ||
Cisco Hx240c Af M5 Firmware | =3.0\(1a\) | |
Cisco Hx240c Af M5 | ||
Cisco Hx220c Edge M5 Firmware | =3.0\(1a\) | |
Cisco Hx220c Edge M5 | ||
Cisco Ucs B200 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs B200 M5 | ||
Cisco Ucs B480 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs B480 M5 | ||
Cisco Ucs C480 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs C480 M5 | ||
Cisco Ucs C125 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs C125 M5 | ||
Cisco Ucs C220 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs C220 M5 | ||
Cisco Ucs C240 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs C240 M5 | ||
Cisco Ucs C480 Ml Firmware | =3.0\(1a\) | |
Cisco Ucs C480 Ml | ||
All of | ||
Cisco Hx220c M5 Firmware | =3.0\(1a\) | |
Cisco Hx220c M5 | ||
All of | ||
Cisco Hx240c M5 Firmware | =3.0\(1a\) | |
Cisco Hx240c M5 | ||
All of | ||
Cisco Hx240c Large Form Factor Firmware | =3.0\(1a\) | |
Cisco Hx240c Large Form Factor | ||
All of | ||
Cisco Hx220c All Nvme M5 Firmware | =3.0\(1a\) | |
Cisco Hx220c All Nvme M5 | ||
All of | ||
Cisco Hx220c Af M5 Firmware | =3.0\(1a\) | |
Cisco Hx220c Af M5 | ||
All of | ||
Cisco Hx240c Af M5 Firmware | =3.0\(1a\) | |
Cisco Hx240c Af M5 | ||
All of | ||
Cisco Hx220c Edge M5 Firmware | =3.0\(1a\) | |
Cisco Hx220c Edge M5 | ||
All of | ||
Cisco Ucs B200 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs B200 M5 | ||
All of | ||
Cisco Ucs B480 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs B480 M5 | ||
All of | ||
Cisco Ucs C480 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs C480 M5 | ||
All of | ||
Cisco Ucs C125 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs C125 M5 | ||
All of | ||
Cisco Ucs C220 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs C220 M5 | ||
All of | ||
Cisco Ucs C240 M5 Firmware | =3.0\(1a\) | |
Cisco Ucs C240 M5 | ||
All of | ||
Cisco Ucs C480 Ml Firmware | =3.0\(1a\) | |
Cisco Ucs C480 Ml |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-1857 is a vulnerability in the web-based management interface of Cisco HyperFlex HX-Series that could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system.
The severity of CVE-2019-1857 is high, with a severity value of 8.8.
An attacker can exploit CVE-2019-1857 by conducting a cross-site request forgery (CSRF) attack through the web-based management interface of Cisco HyperFlex HX-Series.
The affected software of CVE-2019-1857 is Cisco HyperFlex HX-Series with specific firmware versions.
Yes, you can find more information about CVE-2019-1857 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/108163) and [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-hyperflex-csrf).