PT-2018-13029 · Cisco · Cisco Hyperflex Hx Data Platform

Published

2018-10-05

Updated

2020-09-16

CVE-2018-15429

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco HyperFlex HX Data Platform Software (affected versions not specified)

Description A lack of proper input and authorization of HTTP requests in the web-based UI could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The attacker could exploit this by sending a malicious HTTP request to the web-based UI. A successful exploit could allow the attacker to access files that may contain sensitive data.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Missing Authorization

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-862CWE-20

Related Identifiers

CVE-2018-15429

Affected Products

Cisco Hyperflex Hx Data Platform

PT-2018-13029 · Cisco · Cisco Hyperflex Hx Data Platform

CVE-2018-15429

Weakness Enumeration

Related Identifiers

Affected Products

References · 3