Cross site request forgery (csrf)

2019-05-0317:29:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

44.7%

JSON

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.

CPENameOperatorVersion
hx220c_af_m5_firmwareeq3.1.97
hx220c_all_nvme_m5_firmwareeq3.1.97
hx220c_edge_m5_firmwareeq3.1.97
hx220c_m5_firmwareeq3.1.97
hx240c_af_m5_firmwareeq3.1.97
hx240c_large_form_factor_firmwareeq3.1.97
hx240c_m5_firmwareeq3.1.97
ucs_b200_m5_firmwareeq3.1.97
ucs_b480_m5_firmwareeq3.1.97
ucs_c125_m5_firmwareeq3.1.97

Name	Operator	Version
hx220c_af_m5_firmware	eq	3.1.97
hx220c_all_nvme_m5_firmware	eq	3.1.97
hx220c_edge_m5_firmware	eq	3.1.97
hx220c_m5_firmware	eq	3.1.97
hx240c_af_m5_firmware	eq	3.1.97
hx240c_large_form_factor_firmware	eq	3.1.97
hx240c_m5_firmware	eq	3.1.97
ucs_b200_m5_firmware	eq	3.1.97
ucs_b480_m5_firmware	eq	3.1.97
ucs_c125_m5_firmware	eq	3.1.97