CVE-2023-20263
Published 2023-09-06
CVE-2023-20263: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to…
Priority P184 · medium · 6.1 · CVSS 3.1
AV:N · AC:L · PR:N · UI:R · S:C · C:L · I:L · A:N
ITW · VulnCheck KEV · Ransomware
Exploited in the wild
EPSS: 0.48% (37.8th percentile)
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_hyperflex_hx_data_platform | — | — |
| cisco | hyperflex_hx_data_platform | — | — |
| cisco | hyperflex_hx_data_platform_open_redirect | — | — |
Detection & IOCs
- Exploit vector is a crafted HTTP request with malicious parameters targeting the web-based management interface of Cisco HyperFlex HX Data Platform; look for anomalous or external URLs in HTTP request parameters (e.g., redirect/url parameters) sent to the HyperFlex management interface.
- No workarounds are available for this vulnerability; remediation requires applying Cisco-released software updates for HyperFlex HX Data Platform.
CVSS provenance
- nvd · v3.1 · 6.1 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- vulncheck · 4.7 MEDIUM
- vendor_cisco · 4.7 MEDIUM
Cisco
Cisco HyperFlex HX Data Platform Open Redirect Vulnerability
vendor_cisco·2023-09-06·CVSS 4.7
CVE-2023-20263 [MEDIUM] CWE-601 Cisco HyperFlex HX Data Platform Open Redirect Vulnerability
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-redirect
Cisco
Cisco HyperFlex HX Data Platform Open Redirect Vulnerability
vendor_cisco·CVSS 3.1
CVE-2023-20263 Cisco HyperFlex HX Data Platform Open Redirect Vulnerability
CVSS: 3.1
CWE: CWE-601
Bug IDs: CSCwd47675
GHSA
GHSA-fr6h-cvqr-2jq8: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect
ghsa_unreviewed·2023-09-06
CVE-2023-20263 [MEDIUM] CWE-601 GHSA-fr6h-cvqr-2jq8: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect
VulnCheck
Cisco hyperflex_hx_data_platform URL Redirection to Untrusted Site ('Open Redirect')
vulncheck·2023·CVSS 4.7
CVE-2023-20263 [MEDIUM] Cisco hyperflex_hx_data_platform URL Redirection to Untrusted Site ('Open Redirect')
Affected: Cisco hyperflex_hx_data_platform
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation Refer
No detection rules found.
No public exploits indexed.
Talos
Akira ransomware continues to evolve
blogs_talos·2024-10-21
Akira continues to cement its position as one of the most prevalent ransomware operations in the threat landscape, according to Cisco Talos’ findings and analysis.
Their success is partly due to the fact that they are constantly evolving. For example, after Akira already developed a new version of their ransomware encryptor earlier in the year, we just recently observed another novel iteration of the encryptor targeting Windows and Linux hosts alike.
Previously, Akira typically employed a double-extortion tactic in which critical data is exfiltrated prior to the compromised victim systems becoming encrypted. Beginning in early 2024, Akira appeared to be sidelining the encryption tactics, focusing on data exfiltration only. We assess with low to moderate confidence that this shift was due