CVE-2019-1667

Cisco HyperFlex Arbitrary Statistics Write Vulnerability

CVSS 4 MEDIUMEPSS 0.2%CWE-345

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 4EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado

Ciclo de vida

21 feb 2019Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected.

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Productos afectados

Cisco · Cisco HyperFlex HX-Series

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-write http://www.securityfocus.com/bid/107100