CVE-2018-15407

CWE-200 — Information Exposure CWE-4594 documents4 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 81.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Hyperflex Hx-series Cisco Hyperflex HX Data Platform

Timeline

PublishedOct 5

Latest updateMay 13

Description

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5cisco/cisco_hyperflex_hx-seriesn/a

▶NVDcisco/hyperflex_hx_data_platform3.0\(1a\)

🔴Vulnerability Details

GHSA

GHSA-qg7x-r68h-9889: A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information↗2022-05-13

▶

CVEList

Cisco HyperFlex World-Readable Sensitive Information Vulnerability↗2018-10-05

▶

📋Vendor Advisories

Cisco

Cisco HyperFlex World-Readable Sensitive Information Vulnerability↗2018-10-03

▶