8.1

CVE-2019-1664

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
CiscoHyperflex Hx Data Platform Version2.6(1a)
CiscoHyperflex Hx Data Platform Version2.6(1b)
CiscoHyperflex Hx Data Platform Version2.6(1d)
CiscoHyperflex Hx Data Platform Version2.6(1e)
CiscoHyperflex Hx Data Platform Version3.0(1a)
CiscoHyperflex Hx Data Platform Version3.0(1b)
CiscoHyperflex Hx Data Platform Version3.0(1c)
CiscoHyperflex Hx Data Platform Version3.0(1d)
CiscoHyperflex Hx Data Platform Version3.0(1e)
CiscoHyperflex Hx Data Platform Version3.0(1h)
CiscoHyperflex Hx Data Platform Version3.0(1i)
CiscoHyperflex Hx Data Platform Version3.5(1a)
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.578
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
psirt@cisco.com 8.1 1.4 6
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.securityfocus.com/bid/107103
Third Party Advisory
VDB Entry