CVE-2019-1664

CWE-284 — Improper Access Control CWE-287 — Improper Authentication4 documents4 sources

Severity

7.8HIGH

EPSS

0.4%

top 39.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Hyperflex Hx-series Cisco Hyperflex HX Data Platform

Timeline

PublishedFeb 21

Latest updateMay 13

Description

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Sof…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5cisco/cisco_hyperflex_hx-seriesunspecified — 3.5(2a)

▶NVDcisco/hyperflex_hx_data_platform12 versions+11

🔴Vulnerability Details

GHSA

GHSA-jjrr-rj68-xhw3: A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in t↗2022-05-13

▶

CVEList

Cisco HyperFlex Software Unauthenticated Root Access Vulnerability↗2019-02-21

▶

📋Vendor Advisories

Cisco

Cisco HyperFlex Software Unauthenticated Root Access Vulnerability↗2019-02-20

▶