First published: Wed Sep 06 2023
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco HyperFlex HX Data Platform | =5.0 | |
Cisco HyperFlex HX Data Platform | =5.5 | |
The vulnerability ID is CVE-2023-20263.
The severity of CVE-2023-20263 is medium.
Cisco HyperFlex HX Data Platform versions 5.0 and 5.5 are affected by CVE-2023-20263.
An unauthenticated, remote attacker can exploit CVE-2023-20263 by persuading a user to click a crafted link, which redirects the user to a malicious web page.
Cisco has released a security advisory with mitigation information for CVE-2023-20263. Refer to that advisory for details.