CVE-2023-20263 — Vulnetix

CVE-2023-20263 PUBLISHED CVSS 4.699999809265137 MEDIUM

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

EPSS 0.46% · 64.2th percentile

Risk Scores

CVSS 3.1

4.699999809265137

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

EPSS Score

0.46%

64.2th percentile

Affected Products

Vendor	Product	Versions
cisco	hyperflex_hx_data_platform	5.0, 5.5
Cisco	Cisco HyperFlex HX Data Platform	4.0(1a), 4.0(1b), 4.0(2a)

Exploit Intelligence

cisco-sa-hyperflex-redirect-UxLgqdUF (circl)

Timeline

Sep 6, 2023 CVE Published
Sep 7, 2023 EPSS Score
Oct 10, 2023 EPSS Score
Nov 11, 2023 EPSS Score
Dec 14, 2023 EPSS Score
Jan 15, 2024 EPSS Score
Feb 17, 2024 EPSS Score
Mar 21, 2024 EPSS Score
Apr 22, 2024 EPSS Score
May 25, 2024 EPSS Score
Jun 27, 2024 EPSS Score
Jul 29, 2024 EPSS Score

References

Open in Interactive Console →