CVE-2019-1667

CWE-345 CWE-863 — Incorrect Authorization4 documents4 sources

Severity

3.3LOW

EPSS

0.0%

top 91.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Cisco Hyperflex Hx-series Cisco Hyperflex HX Data Platform

Timeline

PublishedFeb 21

Latest updateMay 13

Description

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. …

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDcisco/hyperflex_hx_data_platform12 versions+11

▶CVEListV5cisco/cisco_hyperflex_hx-seriesunspecified — 3.5(2a)

🔴Vulnerability Details

GHSA

GHSA-4mrw-m8gp-8hgx: A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Grap↗2022-05-13

▶

CVEList

Cisco HyperFlex Arbitrary Statistics Write Vulnerability↗2019-02-21

▶

📋Vendor Advisories

Cisco

Cisco HyperFlex Arbitrary Statistics Write Vulnerability↗2019-02-20

▶