Multiple vulnerabilities in Cisco HyperFlex
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 5 |
| CVE-ID | CVE-2019-1665 CVE-2018-15380 CVE-2019-1667 CVE-2019-1664 CVE-2019-1666 |
| CWE-ID | CWE-79 CWE-78 CWE-345 CWE-264 CWE-200 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Cisco HyperFlex Hardware solutions / Office equipment, IP-phones, print servers |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 5 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU17833
Risk: Low
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1665
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform stored cross-site scripting (XSS) attacks.
The vulnerability exists in the web-based management interface due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationUpdate to version 3.5(1a).
Vulnerable software versionsCisco HyperFlex: 3.0.1a
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-xss
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) OS Command Injection
EUVDB-ID: #VU17834
Risk: Medium
CVSSv3.1: 7.7 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2018-15380
CWE-ID:
CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Exploit availability: No
DescriptionThe vulnerability allows an adjacent attacker to execute arbitrary shell commands on the target system.
The vulnerability exists in the cluster service manager due to insufficient input validation. An adjacent unauthenticated attacker can connect to the cluster service manager and inject commands into the bound process to run commands on the affected host as the root user..
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate to version 3.5(2a).
Vulnerable software versionsCisco HyperFlex: 3.0.1a - 3.5.1a
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Security restrictions bypass
EUVDB-ID: #VU17835
Risk: Low
CVSSv3.1: 3.5 [CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1667
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to bypass security restrictions on the target system.
The vulnerability exists in the Graphite interface due to insufficient authorization controls. A local unauthenticated attacker can connect to the Graphite service and send arbitrary data to bypass security restrictions and write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface.
MitigationUpdate to version 3.5(2a).
Vulnerable software versionsCisco HyperFlex: 3.0.1a - 3.5.1a
External linkshttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-write
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Privilege escalation
EUVDB-ID: #VU17836
Risk: Low
CVSSv3.1: 7.1 [CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1664
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local unauthenticated attacker to gain elevated privileges on the target system.
The vulnerability exists in the hxterm service due to insufficient authentication controls. A local unauthenticated attacker can connect to the hxterm service as a non-privileged, local user and gain root access to all member nodes of the HyperFlex cluster.
MitigationUpdate to version 3.5(2a).
Vulnerable software versionsCisco HyperFlex: 3.0.1a - 3.5.1a
External linksQ & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
The attacker would have to login to the system and perform certain actions in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Information disclosure
EUVDB-ID: #VU17837
Risk: Low
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2019-1666
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.
The vulnerability exists in the Graphite service due to insufficient authentication controls. A remote attacker can send specially crafted requests to the Graphite service and retrieve any statistics from the Graphite service.
MitigationUpdate to version 3.5(2a).
Vulnerable software versionsCisco HyperFlex: 3.0.1a - 3.5.1a
External linksQ & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected device in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
