VDB

CVE-2019-1857

CVE-2019-1857 PUBLISHED CVSS 6.099999904632568 MEDIUM

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.

EPSS 0.09% · 26.3th percentile

Risk Scores

CVSS 3.0
6.099999904632568
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS Score
0.09%
26.3th percentile

Affected Products

VendorProductVersions
ciscoucs_b200_m5_firmware3.0\(1a\)
ciscoucs_c240_m5_firmware3.0\(1a\)
ciscohx220c_edge_m5_firmware3.0\(1a\)
ciscohx220c_m5_firmware3.0\(1a\)
ciscohx220c_af_m5_firmware3.0\(1a\)
CiscoCisco HyperFlex HX-Seriesunspecified
ciscohx240c_m5_firmware3.0\(1a\)
ciscohx240c_af_m5_firmware3.0\(1a\)
ciscoucs_c480_ml_firmware*
ciscoucs_c125_m5_firmware3.0\(1a\)
ciscoucs_c480_m5_firmware3.0\(1a\)
ciscohx220c_all_nvme_m5_firmware3.0\(1a\)
ciscohx240c_large_form_factor_firmware*
ciscoucs_b480_m5_firmware3.0\(1a\)
ciscoucs_c220_m5_firmware3.0\(1a\)

Timeline

  • May 1, 2019 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›