{"containers": {"cna": {"affected": [{"product": "Cisco HyperFlex HX-Series", "vendor": "Cisco", "versions": [{"lessThan": "3.5(2a)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-02-20T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a)."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "description": "CWE-284", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-02-22T10:57:01", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access"}, {"name": "107103", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/107103"}], "source": {"advisory": "cisco-sa-20190220-chn-root-access", "defect": [["CSCvk31047"]], "discovery": "INTERNAL"}, "title": "Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-02-20T16:00:00-0800", "ID": "CVE-2019-1664", "STATE": "PUBLIC", "TITLE": "Cisco HyperFlex Software Unauthenticated Root Access Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco HyperFlex HX-Series", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "3.5(2a)"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a)."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "impact": {"cvss": {"baseScore": "8.1", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "references": {"reference_data": [{"name": "20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access"}, {"name": "107103", "refsource": "BID", "url": "http://www.securityfocus.com/bid/107103"}]}, "source": {"advisory": "cisco-sa-20190220-chn-root-access", "defect": [["CSCvk31047"]], "discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:20:28.357Z"}, "title": "CVE Program Container", "references": [{"name": "20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access"}, {"name": "107103", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/107103"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-20T16:55:57.920082Z", "id": "CVE-2019-1664", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T17:27:50.205Z"}}]}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-1664", "datePublished": "2019-02-21T19:00:00Z", "dateReserved": "2018-12-06T00:00:00", "dateUpdated": "2024-11-20T17:27:50.205Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access", "name": "20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/107103", "name": "107103", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T18:20:28.357Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2019-1664", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-11-20T16:55:57.920082Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-20T16:56:50.197Z"}}], "cna": {"title": "Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "source": {"defect": [["CSCvk31047"]], "advisory": "cisco-sa-20190220-chn-root-access", "discovery": "INTERNAL"}, "metrics": [{"cvssV3_0": {"scope": "CHANGED", "version": "3.0", "baseScore": 8.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Cisco", "product": "Cisco HyperFlex HX-Series", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "3.5(2a)", "versionType": "custom"}]}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "datePublic": "2019-02-20T00:00:00", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access", "name": "20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"]}, {"url": "http://www.securityfocus.com/bid/107103", "name": "107103", "tags": ["vdb-entry", "x_refsource_BID"]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284"}]}], "providerMetadata": {"orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco", "dateUpdated": "2019-02-22T10:57:01"}, "x_legacyV4Record": {"impact": {"cvss": {"version": "3.0", "baseScore": "8.1", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H"}}, "source": {"defect": [["CSCvk31047"]], "advisory": "cisco-sa-20190220-chn-root-access", "discovery": "INTERNAL"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"affected": "<", "version_value": "3.5(2a)", "version_affected": "<"}]}, "product_name": "Cisco HyperFlex HX-Series"}]}, "vendor_name": "Cisco"}]}}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory."}], "data_type": "CVE", "references": {"reference_data": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access", "name": "20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "refsource": "CISCO"}, {"url": "http://www.securityfocus.com/bid/107103", "name": "107103", "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a)."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-284"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2019-1664", "STATE": "PUBLIC", "TITLE": "Cisco HyperFlex Software Unauthenticated Root Access Vulnerability", "ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-02-20T16:00:00-0800"}}}}, "cveMetadata": {"cveId": "CVE-2019-1664", "state": "PUBLISHED", "dateUpdated": "2024-11-20T17:27:50.205Z", "dateReserved": "2018-12-06T00:00:00", "assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "datePublished": "2019-02-21T19:00:00Z", "assignerShortName": "cisco"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "0D56AD98-9D0D-4ECA-8766-4F19A33F954D", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1b\\):*:*:*:*:*:*:*", "matchCriteriaId": "1CEF2FCB-304F-4BDE-9668-C610ECBC2EBD", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1d\\):*:*:*:*:*:*:*", "matchCriteriaId": "F4F1BF1D-5DC7-4F8A-BC50-D5ED26D4C015", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1e\\):*:*:*:*:*:*:*", "matchCriteriaId": "9831733F-FD4F-4603-B5E9-F4C87214E8AA", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "FF61D59F-2C04-4210-87C4-9F6C11EEAC7B", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1b\\):*:*:*:*:*:*:*", "matchCriteriaId": "0E56E757-9DDB-49E1-A00A-1EFFB751E3D9", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1c\\):*:*:*:*:*:*:*", "matchCriteriaId": "BD4BC158-9304-4C85-B054-549083B6A7F5", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1d\\):*:*:*:*:*:*:*", "matchCriteriaId": "158B80ED-1BB9-44AE-A321-F313F25062D2", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1e\\):*:*:*:*:*:*:*", "matchCriteriaId": "DB7222C3-1EC3-4B30-A45E-987A995F3E7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1h\\):*:*:*:*:*:*:*", "matchCriteriaId": "2976280F-1B13-45A6-93A2-020F1AE86DA1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1i\\):*:*:*:*:*:*:*", "matchCriteriaId": "B14891F1-CA29-4D9A-9733-C654EB225CF8", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.5\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "7C0D94A1-59E4-4830-B438-C71AD1C19467", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a)."}, {"lang": "es", "value": "Una vulnerabilidad en el servicio hxterm del software HyperFlex de Cisco podr\u00eda permitir a un atacante local no autenticado obtener acceso root a todos los nodos en el cl\u00faster. Esta vulnerabilidad se debe a controles de autenticaci\u00f3n insuficientes. Un atacante podr\u00eda explotar esta vulnerabilidad conect\u00e1ndose al servicio hxterm con usuario local sin privilegios. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante obtenga acceso root a todos los nodos miembro del cl\u00faster HyperFlex. Esta vulnerabilidad afecta a las distribuciones del software HyperFlex de Cisco anteriores a la 3.5(2a)."}], "id": "CVE-2019-1664", "lastModified": "2020-10-05T20:21:37.210", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.4, "impactScore": 6.0, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-02-21T19:29:00.367", "references": [{"source": "ykramarz@cisco.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/107103"}, {"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-284"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}