Severity: 5.3 MEDIUM
EPSS: 1.6% (top 18.38%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 21; Latest update May 13

Description

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5 | cisco/cisco_hyperflex_hx-series | unspecified | 3.5(2a)

🔴 Vulnerability Details (2)

GHSA: GHSA-268p-g9gf-2gh5: A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite (2022-05-13)
CVEList: Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability (2019-02-21)

📋 Vendor Advisories (1)

Cisco: Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability (2019-02-20)

💬 Community (1)

Bugzilla: CVE-2019-2502 mysql: InnoDB unspecified vulnerability (CPU Jan 2019) (2019-01-16)