Main Vulnerability Database Vulnerabilities #VU17835

Security restrictions bypass in Cisco HyperFlex - CVE-2019-1667

Published: February 22, 2019

Vulnerability identifier: #VU17835

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-1667

CWE-ID: CWE-345

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Cisco Systems, Inc

Affected software:
Cisco HyperFlex

Detailed vulnerability description

The vulnerability allows a local unauthenticated attacker to bypass security restrictions on the target system.

The vulnerability exists in the Graphite interface due to insufficient authorization controls. A local unauthenticated attacker can connect to the Graphite service and send arbitrary data to bypass security restrictions and write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface.

How to mitigate CVE-2019-1667

Update to version 3.5(2a).

Sources

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-write

Security restrictions bypass in Cisco HyperFlex - CVE-2019-1667

Detailed vulnerability description

How to mitigate CVE-2019-1667

Sources

Please verify you're human