Vulnerability Details CVE-2019-1975
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.7%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2019-1975
-
cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-
-
cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-
-
cpe:2.3:h:cisco:hyperflex_hx220c_m5:-
-
cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-
-
cpe:2.3:h:cisco:hyperflex_hx240c_m5:-
-
cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.5.2f
-
cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:4.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.5.2f
-
cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:4.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.5.2f
-
cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:4.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.5.2f
-
cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:4.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.5.2f
-
cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:4.0(1a)