5.3
CVE-2019-1666
- EPSS 1.59%
- Veröffentlicht 21.02.2019 19:29:00
- Zuletzt bearbeitet 21.11.2024 04:37:03
- Quelle psirt@cisco.com
- CVE-Watchlists
- Unerledigt
LoginA vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Cisco ≫ Hyperflex Hx Data Platform Version2.6(1a)
Cisco ≫ Hyperflex Hx Data Platform Version2.6(1b)
Cisco ≫ Hyperflex Hx Data Platform Version2.6(1d)
Cisco ≫ Hyperflex Hx Data Platform Version2.6(1e)
Cisco ≫ Hyperflex Hx Data Platform Version3.0(1a)
Cisco ≫ Hyperflex Hx Data Platform Version3.0(1b)
Cisco ≫ Hyperflex Hx Data Platform Version3.0(1c)
Cisco ≫ Hyperflex Hx Data Platform Version3.0(1d)
Cisco ≫ Hyperflex Hx Data Platform Version3.0(1e)
Cisco ≫ Hyperflex Hx Data Platform Version3.0(1h)
Cisco ≫ Hyperflex Hx Data Platform Version3.0(1i)
Cisco ≫ Hyperflex Hx Data Platform Version3.5(1a)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.59% | 0.799 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| psirt@cisco.com | 5.3 | 3.9 | 1.4 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-284 Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
CWE-287 Improper Authentication
When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.