CVE-2019-1664

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the...

CVE-2019-1664 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the...

Cisco HyperFlex Software Remote Command Injection Vulnerability

Cisco HyperFlex Software is the United States Cisco Cisco company's set of scalable distributed file system. The system provides unified computing, storage and networking through cloud management, and provides enterprise-class data management and optimization services. A remote command injection...

CVE-2018-15380

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster...

CVE-2018-15380

Cisco HyperFlex Software contains a vulnerability in the cluster service manager due to insufficient input validation. An unauthenticated, adjacent attacker can connect to the cluster service manager and inject commands into the bound process, enabling execution of commands on the affected host a...

Cisco HyperFlex Software Information Disclosure Vulnerability

Cisco HyperFlex Software is a scalable distributed file system from Cisco USA. The system provides unified compute, storage and networking through cloud management, providing enterprise-class data management and optimization services. An information disclosure vulnerability exists in the...

CVE-2018-15423

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...

CVE-2018-15407

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual...

CVE-2018-15407

CVE-2018-15407 affects Cisco HyperFlex Software. Root cause: during installation, residual installation files are not properly cleaned up, enabling a local, authenticated attacker to read sensitive information about system configuration. The vulnerability is information disclosure via accessible ...

Cisco HyperFlex UI Clickjacking Vulnerability

A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. A...