First published: Wed Sep 18 2019
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other client-side browser attacks.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Hyperflex Hx220c M5 Firmware | <=3.5.2f | |
Cisco Hyperflex Hx220c M5 Firmware | =4.0\(1a\) | |
Cisco Hyperflex Hx220c M5 | | |
Cisco Hyperflex Hx240c M5 Firmware | <=3.5.2f | |
Cisco Hyperflex Hx240c M5 Firmware | =4.0\(1a\) | |
Cisco Hyperflex Hx240c M5 | | |
Cisco Hyperflex Hx220c Af M5 Firmware | <=3.5.2f | |
Cisco Hyperflex Hx220c Af M5 Firmware | =4.0\(1a\) | |
Cisco Hyperflex Hx220c Af M5 | | |
Cisco Hyperflex Hx240c Af M5 Firmware | <=3.5.2f | |
Cisco Hyperflex Hx240c Af M5 Firmware | =4.0\(1a\) | |
Cisco Hyperflex Hx240c Af M5 | | |
Cisco Hyperflex Hx220c Edge M5 Firmware | <=3.5.2f | |
Cisco Hyperflex Hx220c Edge M5 Firmware | =4.0\(1a\) | |
Cisco Hyperflex Hx220c Edge M5 | | |
The vulnerability ID for the Cisco HyperFlex Software vulnerability is CVE-2019-1975.
CVE-2019-1975 has a severity level of 6.1 (medium).
The affected software for CVE-2019-1975 includes Cisco HyperFlex Hx220c M5 Firmware versions up to and including 3.5.2f, and Cisco HyperFlex Hx240c M5 Firmware versions up to and including 3.5.2f.
CVE-2019-1975 allows an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device.
You can find more information about CVE-2019-1975 on the Cisco Security Advisory page: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190918-hyperflex-xfs