PT-2019-14745 · Cisco · Cisco Hyperflex

Published

2019-02-21

Updated

2020-10-05

CVE-2019-1666

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Cisco HyperFlex software versions prior to 3.5(2a)

Description A vulnerability in the Graphite service could allow an unauthenticated, remote attacker to retrieve data due to insufficient authentication controls. An attacker could exploit this by sending crafted requests to the Graphite service, potentially allowing them to retrieve any statistics from the service.

Recommendations For versions prior to 3.5(2a), update to version 3.5(2a) or later to resolve the issue. As a temporary workaround, consider restricting access to the Graphite service to minimize the risk of exploitation.

Fix

Improper Access Control

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-287

Related Identifiers

CVE-2019-1666

Affected Products

Cisco Hyperflex

PT-2019-14745 · Cisco · Cisco Hyperflex

CVE-2019-1666

Weakness Enumeration

Related Identifiers

Affected Products

References · 4