Description
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
None
Integrity
Low
Availability
None
Affected products
- Cisco / Cisco HyperFlex HX Data Platform4.0(1a) – 4.0(1a)
- Cisco / Cisco HyperFlex HX Data Platform4.0(1b) – 4.0(1b)
- Cisco / Cisco HyperFlex HX Data Platform4.0(2a) – 4.0(2a)
- Cisco / Cisco HyperFlex HX Data Platform4.0(2b) – 4.0(2b)
- Cisco / Cisco HyperFlex HX Data Platform4.0(2c) – 4.0(2c)
- Cisco / Cisco HyperFlex HX Data Platform4.0(2d) – 4.0(2d)
- Cisco / Cisco HyperFlex HX Data Platform4.0(2e) – 4.0(2e)
- Cisco / Cisco HyperFlex HX Data Platform4.0(2f) – 4.0(2f)
- Cisco / Cisco HyperFlex HX Data Platform4.5(1a) – 4.5(1a)
- Cisco / Cisco HyperFlex HX Data Platform4.5(2a) – 4.5(2a)
- Cisco / Cisco HyperFlex HX Data Platform4.5(2b) – 4.5(2b)
- Cisco / Cisco HyperFlex HX Data Platform4.5(2c) – 4.5(2c)
- Cisco / Cisco HyperFlex HX Data Platform4.5(2d) – 4.5(2d)
- Cisco / Cisco HyperFlex HX Data Platform4.5(2e) – 4.5(2e)
- Cisco / Cisco HyperFlex HX Data Platform5.0(1a) – 5.0(1a)
- Cisco / Cisco HyperFlex HX Data Platform5.0(1b) – 5.0(1b)
- Cisco / Cisco HyperFlex HX Data Platform5.0(1c) – 5.0(1c)
- Cisco / Cisco HyperFlex HX Data Platform5.0(2a) – 5.0(2a)
- Cisco / Cisco HyperFlex HX Data Platform5.0(2b) – 5.0(2b)