CVE-2019-1857

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:o:cisco:hx220c_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:hx220c_m5:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:o:cisco:hx240c_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:hx240c_m5:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:o:cisco:hx240c_large_form_factor_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:hx240c_large_form_factor:-:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:o:cisco:hx220c_all_nvme_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:hx220c_all_nvme_m5:-:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:o:cisco:hx220c_af_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:hx220c_af_m5:-:*:*:*:*:*:*:*

Configuration 6 (hide)

AND
cpe:2.3:o:cisco:hx240c_af_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:hx240c_af_m5:-:*:*:*:*:*:*:*

Configuration 7 (hide)

AND
cpe:2.3:o:cisco:hx220c_edge_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:hx220c_edge_m5:-:*:*:*:*:*:*:*

Configuration 8 (hide)

AND
cpe:2.3:o:cisco:ucs_b200_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_b200_m5:-:*:*:*:*:*:*:*

Configuration 9 (hide)

AND
cpe:2.3:o:cisco:ucs_b480_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_b480_m5:-:*:*:*:*:*:*:*

Configuration 10 (hide)

AND
cpe:2.3:o:cisco:ucs_c480_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_c480_m5:-:*:*:*:*:*:*:*

Configuration 11 (hide)

AND
cpe:2.3:o:cisco:ucs_c125_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*

Configuration 12 (hide)

AND
cpe:2.3:o:cisco:ucs_c220_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_c220_m5:-:*:*:*:*:*:*:*

Configuration 13 (hide)

AND
cpe:2.3:o:cisco:ucs_c240_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_c240_m5:-:*:*:*:*:*:*:*

Configuration 14 (hide)

AND
cpe:2.3:o:cisco:ucs_c480_ml_firmware:3.0\(1a\):*:*:*:*:*:*:*
cpe:2.3:h:cisco:ucs_c480_ml:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-05-03 17:29

Updated : 2024-02-28 17:08


NVD link : CVE-2019-1857

Mitre link : CVE-2019-1857

CVE.ORG link : CVE-2019-1857


JSON object : View

Products Affected

cisco

  • hx240c_af_m5_firmware
  • ucs_c220_m5
  • hx220c_m5_firmware
  • ucs_b480_m5_firmware
  • ucs_b200_m5_firmware
  • hx240c_m5_firmware
  • hx220c_af_m5
  • ucs_c480_m5_firmware
  • ucs_b480_m5
  • ucs_c125_m5
  • ucs_c480_ml
  • ucs_c220_m5_firmware
  • hx220c_all_nvme_m5_firmware
  • hx220c_edge_m5
  • hx220c_af_m5_firmware
  • ucs_c480_m5
  • ucs_c125_m5_firmware
  • hx220c_m5
  • hx240c_large_form_factor
  • ucs_c480_ml_firmware
  • hx240c_af_m5
  • ucs_c240_m5
  • hx220c_all_nvme_m5
  • hx240c_large_form_factor_firmware
  • hx220c_edge_m5_firmware
  • hx240c_m5
  • ucs_b200_m5
  • ucs_c240_m5_firmware
CWE
CWE-352

Cross-Site Request Forgery (CSRF)