CVE-2023-20263

MEDIUM EXPLOITED RANSOMWARE

Cisco HyperFlex HX Data Platform - Open Redirect

Title source: llm

Exploitation Summary

CVE-2023-20263 has been observed exploited in the wild (reported by VulnCheck KEV), including in ransomware campaigns.

Description

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.

References (1)

Core 1

Core References

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-redirect-UxLgqdUF

Scores

CVSS v3 4.7

EPSS 0.0036

EPSS Percentile 58.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

VulnCheck KEV 2024-10-21

Ransomware Use Confirmed

CWE

CWE-601

Status published

Products (2)

cisco/hyperflex_hx_data_platform 5.0

cisco/hyperflex_hx_data_platform 5.5

Published Sep 06, 2023

Tracked Since Feb 18, 2026