CVE-2019-1975 — Vulnetix

CVE-2019-1975 PUBLISHED CVSS 6.5 MEDIUM

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks.

EPSS 0.40% · 61.0th percentile

Risk Scores

CVSS 3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

0.40%

61.0th percentile

Affected Products

Vendor	Product	Versions
cisco	hyperflex_hx220c_m5_firmware	0, *
cisco	hyperflex_hx220c_af_m5_firmware	0, 4.0\(1a\)
Cisco	Cisco HyperFlex HX-Series	*
cisco	hyperflex_hx240c_m5_firmware	*, 0
cisco	hyperflex_hx220c_edge_m5_firmware	4.0\(1a\), 0
cisco	hyperflex_hx240c_af_m5_firmware	4.0\(1a\), 0

Exploit Intelligence

20190918 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability (circl)

Timeline

Sep 18, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 6, 2022 EPSS Score

References

20190918 Cisco HyperFlex Software Cross-Frame Scripting Vulnerability vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2019-1975 advisory

Open in Interactive Console →