Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2019-1666
HistoryFeb 21, 2019 - 7:29 p.m.

CVE-2019-1666

2019-02-2119:29:00
CWE-284
CWE-287
[email protected]
web.nvd.nist.gov
25
cve-2019-1666
cisco
hyperflex
graphite service
vulnerability
unauthenticated
remote attacker
data retrieval
nvd

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.1%

JSON

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.

Affected configurations

NVD
Node
ciscohyperflex_hx_data_platformMatch2.6\(1a\)
OR
ciscohyperflex_hx_data_platformMatch2.6\(1b\)
OR
ciscohyperflex_hx_data_platformMatch2.6\(1d\)
OR
ciscohyperflex_hx_data_platformMatch2.6\(1e\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1a\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1b\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1c\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1d\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1e\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1h\)
OR
ciscohyperflex_hx_data_platformMatch3.0\(1i\)
OR
ciscohyperflex_hx_data_platformMatch3.5\(1a\)
CPENameOperatorVersion
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq2.6\(1a\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq2.6\(1b\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq2.6\(1d\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq2.6\(1e\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq3.0\(1a\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq3.0\(1b\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq3.0\(1c\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq3.0\(1d\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq3.0\(1e\)
cisco:hyperflex_hx_data_platformcisco hyperflex hx data platformeq3.0\(1h\)
Rows per page:
1-10 of 121

CNA Affected

[
  {
    "product": "Cisco HyperFlex HX-Series ",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "3.5(2a)",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Related

prion 1
nvd 1
cisco 1
cvelist 1
prion
prion
Authentication flaw
2019-02-21 19:29:00
nvd
nvd
CVE-2019-1666
2019-02-21 19:29:00
cisco
cisco
Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability
2019-02-20 16:00:00
cvelist
cvelist
CVE-2019-1666 Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability
2019-02-20 00:00:00

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

5.4 Medium

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

47.1%

JSON
Related for CVE-2019-1666
prion1nvd1cisco1cvelist1