CVE-2019-1857
A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.
EPSS 0.09% · 26.3th percentile
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | ucs_b200_m5_firmware | 3.0\(1a\) |
| cisco | ucs_c240_m5_firmware | 3.0\(1a\) |
| cisco | hx220c_edge_m5_firmware | 3.0\(1a\) |
| cisco | hx220c_m5_firmware | 3.0\(1a\) |
| cisco | hx220c_af_m5_firmware | 3.0\(1a\) |
| Cisco | Cisco HyperFlex HX-Series | unspecified |
| cisco | hx240c_m5_firmware | 3.0\(1a\) |
| cisco | hx240c_af_m5_firmware | 3.0\(1a\) |
| cisco | ucs_c480_ml_firmware | * |
| cisco | ucs_c125_m5_firmware | 3.0\(1a\) |
| cisco | ucs_c480_m5_firmware | 3.0\(1a\) |
| cisco | hx220c_all_nvme_m5_firmware | 3.0\(1a\) |
| cisco | hx240c_large_form_factor_firmware | * |
| cisco | ucs_b480_m5_firmware | 3.0\(1a\) |
| cisco | ucs_c220_m5_firmware | 3.0\(1a\) |
Exploit Intelligence
Timeline
- May 1, 2019 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 4, 2022 EPSS Score