PT-2018-13029 · Cisco · Cisco Hyperflex Hx Data Platform

Publicado

2018-10-05

Atualizado

2020-09-16

CVE-2018-15429

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco HyperFlex HX Data Platform Software (affected versions not specified)

Description A lack of proper input and authorization of HTTP requests in the web-based UI could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The attacker could exploit this by sending a malicious HTTP request to the web-based UI. A successful exploit could allow the attacker to access files that may contain sensitive data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-862CWE-20

Identificadores relacionados

CVE-2018-15429

Produtos afetados

Cisco Hyperflex Hx Data Platform

PT-2018-13029 · Cisco · Cisco Hyperflex Hx Data Platform

CVE-2018-15429

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3