CVE-2019-1857

Name of the Vulnerable Software and Affected Versions Cisco HyperFlex HX-Series (affected versions not specified)

Description The issue is related to insufficient authentication checks for executed requests in the web-based management interface of Cisco HyperFlex, allowing a remote attacker to perform arbitrary actions on an affected system. This can be achieved by exploiting a cross-site request forgery (CSRF) vulnerability, where an attacker persuades a user to follow a specially crafted link, potentially allowing the attacker to execute arbitrary code or actions with the privileges of the user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.