Lucene search

K
cve[email protected]CVE-2019-1666
HistoryFeb 21, 2019 - 7:29 p.m.

CVE-2019-1666

2019-02-2119:29:00
CWE-284
CWE-287
web.nvd.nist.gov
25
cve-2019-1666
cisco
hyperflex
graphite service
vulnerability
unauthenticated
remote attacker
data retrieval
nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.1%

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.

Affected configurations

NVD
Node
ciscohyperflex_hx_data_platformMatch2.6\(1a\)
OR
ciscohyperflex_hx_data_platformMatch2.6\(1b\)
OR
ciscohyperflex_hx_data_platformMatch2.6\(1d\)
OR
ciscohyperflex_hx_data_platformMatch2.6\(1e\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1a\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1b\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1c\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1d\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1e\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1h\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1i\)
OR
ciscohyperflex_hx_data_platformMatch3.5\(1a\)

CNA Affected

[
  {
    "product": "Cisco HyperFlex HX-Series ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "3.5(2a)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.1%

Related for CVE-2019-1666