HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2018-15380

CVSS 8.8v3.0pub. 2019-02-20upd. 2024-11-21

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).

CVSS Vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Hyperflex Hx Data Platform

    APP
    Cisco
    3.0\(1a\)3.5\(1a\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-1498CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2021-1497CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2019-1958HIGH8.8ten sam produkt

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticat...

CVE-2019-1664HIGH7.8ten sam produkt

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attack...

CVE-2018-15382HIGH8.6ten sam produkt

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid,...