CVE-2019-1857
Published May 3, 2019
Last updated 6 years ago
Overview
- Description
- A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.
- Source
- ykramarz@cisco.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:hx220c_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "FB126C9A-C926-436F-94AB-E7A4BA8EC8F5"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:hx220c_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5C198A0-34DF-4237-9579-1395B05B9352"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:hx240c_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "D96602B4-C017-4480-976E-38B9A7BB9B47"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:hx240c_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D33F42D5-0B40-4D5D-ABFB-D2024D6659C4"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:hx240c_large_form_factor:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1E4B8B57-386B-461B-92C5-859298C5CE76"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:hx240c_large_form_factor_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0B0B68A-40FF-4436-A206-81039E476FA4"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:hx220c_all_nvme_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "BC0DE157-7B81-4F8E-9F75-4324F7F64357"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:hx220c_all_nvme_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D3431062-82CE-4E1B-A1BA-7EC439B9DD7F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:hx220c_af_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "58156CE8-E695-49B4-98F7-1603F905AB57"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:hx220c_af_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "224D5BE6-AC77-41B4-9533-8413DC060821"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:hx240c_af_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "760C8584-51F8-4A9A-9A9E-504EA14C091C"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:hx240c_af_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "1CA7BE5B-90E9-4B86-B0B7-A265C94FB9BE"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:hx220c_edge_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81D3B26E-428E-4EA8-B3CB-C46EF784C730"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:hx220c_edge_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "61B08E59-8B5B-4D03-A4D0-6180D64C9967"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ucs_b200_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BB2303C3-1AC3-4934-A622-E36CE82C17AC"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_b200_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "C51F9FBE-4ACC-4979-B8EE-8CABC65D5477"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ucs_b480_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "06F57EE6-4F72-4412-96D2-4841DEE6B8FA"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_b480_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "989ABDEE-49FC-4CD7-82AA-2CCB53942C2C"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ucs_c480_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AD062D9B-D02A-4012-A0F3-DDDBD3AB9947"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_c480_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "0D0B0FA5-996F-4F25-8AAB-603CB46175F9"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_c125_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "ADD4A429-F168-460B-A964-8F1BD94C6387"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ucs_c125_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B3CFA537-40C6-47C6-916E-62CCE609670F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_c220_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "855E1346-BACC-4485-9534-7C830FCFD54B"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ucs_c220_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AE5DEFA9-4D1D-4469-84D0-FA694568F3D6"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_c240_m5:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "F262ADAB-74DC-466B-983A-C49E4BAC22C0"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ucs_c240_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "242959AB-0566-443A-A065-F64D42A6207F"
}
],
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:h:cisco:ucs_c480_ml:-:*:*:*:*:*:*:*",
"vulnerable": false,
"matchCriteriaId": "2A3FFE02-A5A8-4F0F-87C5-F7651F511074"
}
],
"operator": "OR"
},
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:cisco:ucs_c480_ml_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "38E05AD1-38AC-44B2-B7AD-45E86B66CCDF"
}
],
"operator": "OR"
}
],
"operator": "AND"
}
]