CVE-2019-1975
Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
Severity Score
6.1
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks.
Una vulnerabilidad en la interfaz basada en web de Cisco HyperFlex Software podría permitir a un atacante remoto no autenticado ejecutar un ataque de tipo cross-frame scripting (XFS) sobre un dispositivo afectado. Esta vulnerabilidad es debido a una protección insuficiente de iframe HTML. Un atacante podría explotar esta vulnerabilidad mediante el direccionamiento de un usuario a una página web controlada por el atacante que contenga un iframe HTML malicioso. Una explotación con éxito podría permitir al atacante conducir ataques de secuestro de cliqueo u otros ataques del navegador del lado del cliente.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2018-12-06 CVE Reserved
- 2019-09-18 CVE Published
- 2023-03-07 EPSS Updated
- 2024-09-17 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-693: Protection Mechanism Failure
- CWE-1021: Improper Restriction of Rendered UI Layers or Frames
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Cisco Search vendor "Cisco" | Hyperflex Hx220c M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx220c M5 Firmware" | <= 3.5.2f Search vendor "Cisco" for product "Hyperflex Hx220c M5 Firmware" and version " <= 3.5.2f" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx220c M5 Search vendor "Cisco" for product "Hyperflex Hx220c M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx220c M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx220c M5 Firmware" | 4.0\(1a\) Search vendor "Cisco" for product "Hyperflex Hx220c M5 Firmware" and version "4.0\(1a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx220c M5 Search vendor "Cisco" for product "Hyperflex Hx220c M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx240c M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx240c M5 Firmware" | <= 3.5.2f Search vendor "Cisco" for product "Hyperflex Hx240c M5 Firmware" and version " <= 3.5.2f" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx240c M5 Search vendor "Cisco" for product "Hyperflex Hx240c M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx240c M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx240c M5 Firmware" | 4.0\(1a\) Search vendor "Cisco" for product "Hyperflex Hx240c M5 Firmware" and version "4.0\(1a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx240c M5 Search vendor "Cisco" for product "Hyperflex Hx240c M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx220c Af M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx220c Af M5 Firmware" | <= 3.5.2f Search vendor "Cisco" for product "Hyperflex Hx220c Af M5 Firmware" and version " <= 3.5.2f" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx220c Af M5 Search vendor "Cisco" for product "Hyperflex Hx220c Af M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx220c Af M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx220c Af M5 Firmware" | 4.0\(1a\) Search vendor "Cisco" for product "Hyperflex Hx220c Af M5 Firmware" and version "4.0\(1a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx220c Af M5 Search vendor "Cisco" for product "Hyperflex Hx220c Af M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx240c Af M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx240c Af M5 Firmware" | <= 3.5.2f Search vendor "Cisco" for product "Hyperflex Hx240c Af M5 Firmware" and version " <= 3.5.2f" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx240c Af M5 Search vendor "Cisco" for product "Hyperflex Hx240c Af M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx240c Af M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx240c Af M5 Firmware" | 4.0\(1a\) Search vendor "Cisco" for product "Hyperflex Hx240c Af M5 Firmware" and version "4.0\(1a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx240c Af M5 Search vendor "Cisco" for product "Hyperflex Hx240c Af M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx220c Edge M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx220c Edge M5 Firmware" | <= 3.5.2f Search vendor "Cisco" for product "Hyperflex Hx220c Edge M5 Firmware" and version " <= 3.5.2f" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx220c Edge M5 Search vendor "Cisco" for product "Hyperflex Hx220c Edge M5" | - | - |
Safe
|
| Cisco Search vendor "Cisco" | Hyperflex Hx220c Edge M5 Firmware Search vendor "Cisco" for product "Hyperflex Hx220c Edge M5 Firmware" | 4.0\(1a\) Search vendor "Cisco" for product "Hyperflex Hx220c Edge M5 Firmware" and version "4.0\(1a\)" | - |
Affected
| in | Cisco Search vendor "Cisco" | Hyperflex Hx220c Edge M5 Search vendor "Cisco" for product "Hyperflex Hx220c Edge M5" | - | - |
Safe
|