CVE-2019-1857: Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability
First published: Fri May 03 2019(Updated: )
A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco Hx220c M5 Firmware | =3.0\(1a\) | |
| Cisco Hx220c M5 | ||
| Cisco Hx240c M5 Firmware | =3.0\(1a\) | |
| Cisco Hx240c M5 | ||
| Cisco Hx240c Large Form Factor Firmware | =3.0\(1a\) | |
| Cisco Hx240c Large Form Factor | ||
| Cisco Hx220c All Nvme M5 Firmware | =3.0\(1a\) | |
| Cisco Hx220c All Nvme M5 | ||
| Cisco Hx220c Af M5 Firmware | =3.0\(1a\) | |
| Cisco Hx220c Af M5 | ||
| Cisco Hx240c Af M5 Firmware | =3.0\(1a\) | |
| Cisco Hx240c Af M5 | ||
| Cisco Hx220c Edge M5 Firmware | =3.0\(1a\) | |
| Cisco Hx220c Edge M5 | ||
| Cisco Ucs B200 M5 Firmware | =3.0\(1a\) | |
| Cisco Ucs B200 M5 | ||
| Cisco Ucs B480 M5 Firmware | =3.0\(1a\) | |
| Cisco Ucs B480 M5 | ||
| Cisco Ucs C480 M5 Firmware | =3.0\(1a\) | |
| Cisco Ucs C480 M5 | ||
| Cisco Ucs C125 M5 Firmware | =3.0\(1a\) | |
| Cisco Ucs C125 M5 | ||
| Cisco Ucs C220 M5 Firmware | =3.0\(1a\) | |
| Cisco Ucs C220 M5 | ||
| Cisco Ucs C240 M5 Firmware | =3.0\(1a\) | |
| Cisco Ucs C240 M5 | ||
| Cisco Ucs C480 Ml Firmware | =3.0\(1a\) | |
| Cisco Ucs C480 Ml |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-1857?
CVE-2019-1857 is a vulnerability in the web-based management interface of Cisco HyperFlex HX-Series that could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system.
What is the severity of CVE-2019-1857?
The severity of CVE-2019-1857 is high, with a severity value of 8.8.
How can an attacker exploit CVE-2019-1857?
An attacker can exploit CVE-2019-1857 by conducting a cross-site request forgery (CSRF) attack through the web-based management interface of Cisco HyperFlex HX-Series.
What is the affected software of CVE-2019-1857?
The affected software of CVE-2019-1857 is Cisco HyperFlex HX-Series with specific firmware versions.
Are there any references for CVE-2019-1857?
Yes, you can find more information about CVE-2019-1857 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/108163) and [Cisco Security Advisory](https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-hyperflex-csrf).
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/last-modified-date
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/cisco
- canonical/cisco hx220c m5 firmware
- version/cisco hx220c m5 firmware/3.0\(1a\)
- canonical/cisco hx220c m5
- canonical/cisco hx240c m5 firmware
- version/cisco hx240c m5 firmware/3.0\(1a\)
- canonical/cisco hx240c m5
- canonical/cisco hx240c large form factor firmware
- version/cisco hx240c large form factor firmware/3.0\(1a\)
- canonical/cisco hx240c large form factor
- canonical/cisco hx220c all nvme m5 firmware
- version/cisco hx220c all nvme m5 firmware/3.0\(1a\)
- canonical/cisco hx220c all nvme m5
- canonical/cisco hx220c af m5 firmware
- version/cisco hx220c af m5 firmware/3.0\(1a\)
- canonical/cisco hx220c af m5
- canonical/cisco hx240c af m5 firmware
- version/cisco hx240c af m5 firmware/3.0\(1a\)
- canonical/cisco hx240c af m5
- canonical/cisco hx220c edge m5 firmware
- version/cisco hx220c edge m5 firmware/3.0\(1a\)
- canonical/cisco hx220c edge m5
- canonical/cisco ucs b200 m5 firmware
- version/cisco ucs b200 m5 firmware/3.0\(1a\)
- canonical/cisco ucs b200 m5
- canonical/cisco ucs b480 m5 firmware
- version/cisco ucs b480 m5 firmware/3.0\(1a\)
- canonical/cisco ucs b480 m5
- canonical/cisco ucs c480 m5 firmware
- version/cisco ucs c480 m5 firmware/3.0\(1a\)
- canonical/cisco ucs c480 m5
- canonical/cisco ucs c125 m5 firmware
- version/cisco ucs c125 m5 firmware/3.0\(1a\)
- canonical/cisco ucs c125 m5
- canonical/cisco ucs c220 m5 firmware
- version/cisco ucs c220 m5 firmware/3.0\(1a\)
- canonical/cisco ucs c220 m5
- canonical/cisco ucs c240 m5 firmware
- version/cisco ucs c240 m5 firmware/3.0\(1a\)
- canonical/cisco ucs c240 m5
- canonical/cisco ucs c480 ml firmware
- version/cisco ucs c480 ml firmware/3.0\(1a\)
- canonical/cisco ucs c480 ml