HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2019-1664

CVSS 7.8v3.1pub. 2019-02-21upd. 2024-11-21

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • Cisco Hyperflex Hx Data Platform

    OS
    Cisco
    2.6\(1a\)2.6\(1b\)2.6\(1d\)2.6\(1e\)3.0\(1a\)3.0\(1b\)3.0\(1c\)3.0\(1d\)3.0\(1e\)3.0\(1h\)3.0\(1i\)3.5\(1a\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2021-1497CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2021-1498CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2019-1958HIGH8.8ten sam produkt

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticat...

CVE-2018-15380HIGH8.8ten sam produkt

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adj...

CVE-2018-15382HIGH8.6ten sam produkt

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid,...