Cisco HyperFlex HX Data Platform vulnerabilities
15 known vulnerabilities affecting cisco/hyperflex_hx_data_platform.
Total CVEs: 15
CISA KEV: 2 (actively exploited)
Public exploits: 3
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 4, MEDIUM 8, LOW 1
Vulnerabilities
CVE-2023-20263 | MEDIUM | CVSS 6.1 | CWE-601 | v5.0, v5.5 | 2023-09-06
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.
This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click
nvd
CVE-2021-1498 | CRITICAL | CVSS 9.8 | CWE-78 | KEV | PoC | fixed in 4.0(2e) | ≥ 4.5, < 4.5(2a) | 2021-05-06
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2021-1497 | CRITICAL | CVSS 9.8 | CWE-78 | KEV | PoC | fixed in 4.0(2e) | ≥ 4.5, < 4.5(2a) | 2021-05-06
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
nvd
CVE-2021-1499 | MEDIUM | CVSS 5.3 | CWE-306 | PoC | fixed in 4.0(2e) | ≥ 4.5, < 4.5(2a) | 2021-05-06
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected devi
nvd
CVE-2019-1958 | HIGH | CVSS 8.8 | CWE-352 | fixed in 4.0(2a) | 2019-08-08
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by pers
nvd
CVE-2019-1664 | HIGH | CVSS 7.8 | CWE-284 | v2.6(1a), v2.6(1b), +10 more | 2019-02-21
A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful
nvd
CVE-2019-1666 | MEDIUM | CVSS 5.3 | CWE-284 | v2.6(1a), v2.6(1b), +10 more | 2019-02-21
A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could all
nvd
CVE-2019-1665 | MEDIUM | CVSS 6.1 | CWE-79 | v2.6(1a), v2.6(1b), +9 more | 2019-02-21
A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based managemen
nvd
CVE-2019-1667 | LOW | CVSS 3.3 | CWE-345 | v2.6(1a), v2.6(1b), +10 more | 2019-02-21
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful ex
nvd
CVE-2018-15380 | HIGH | CVSS 8.8 | CWE-78 | v3.0(1a), v3.5(1a) | 2019-02-20
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound proc
nvd
CVE-2018-15382 | HIGH | CVSS 8.6 | CWE-642 | v3.0(1a) | 2018-10-05
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to
nvd
CVE-2018-15407 | MEDIUM | CVSS 5.5 | CWE-200 | v3.0(1a) | 2018-10-05
A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful explo
nvd
CVE-2018-15429 | MEDIUM | CVSS 5.3 | CWE-20 | v2.6(1d), v3.0(1a) | 2018-10-05
A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request
nvd
CVE-2018-15423 | MEDIUM | CVSS 4.7 | CWE-693 | v2.6(1d), v3.0(1a) | 2018-10-05
A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending
nvd
CVE-2017-12315 | MEDIUM | CVSS 6.0 | CWE-200 | v2.6(1a) | 2017-11-16
A vulnerability in system logging when replication is being configured with the Cisco HyperFlex System could allow an authenticated, local attacker to view sensitive information that should be restricted in the system log files. The attacker would have to be authenticated as an administrative user to conduct this attack. The vulnerability is due to
nvd