FKIE_CVE-2019-1664

Vulnerability from fkie_nvd - Published: 2019-02-21 19:29 - Updated: 2024-11-21 04:37
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).
References
psirt@cisco.comhttp://www.securityfocus.com/bid/107103Third Party Advisory, VDB Entry
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-accessVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107103Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-accessVendor Advisory
Impacted products
Vendor Product Version
cisco hyperflex_hx_data_platform 2.6\(1a\)
cisco hyperflex_hx_data_platform 2.6\(1b\)
cisco hyperflex_hx_data_platform 2.6\(1d\)
cisco hyperflex_hx_data_platform 2.6\(1e\)
cisco hyperflex_hx_data_platform 3.0\(1a\)
cisco hyperflex_hx_data_platform 3.0\(1b\)
cisco hyperflex_hx_data_platform 3.0\(1c\)
cisco hyperflex_hx_data_platform 3.0\(1d\)
cisco hyperflex_hx_data_platform 3.0\(1e\)
cisco hyperflex_hx_data_platform 3.0\(1h\)
cisco hyperflex_hx_data_platform 3.0\(1i\)
cisco hyperflex_hx_data_platform 3.5\(1a\)
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0D56AD98-9D0D-4ECA-8766-4F19A33F954D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "1CEF2FCB-304F-4BDE-9668-C610ECBC2EBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "F4F1BF1D-5DC7-4F8A-BC50-D5ED26D4C015",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "9831733F-FD4F-4603-B5E9-F4C87214E8AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "FF61D59F-2C04-4210-87C4-9F6C11EEAC7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1b\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "0E56E757-9DDB-49E1-A00A-1EFFB751E3D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1c\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4BC158-9304-4C85-B054-549083B6A7F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1d\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "158B80ED-1BB9-44AE-A321-F313F25062D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1e\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "DB7222C3-1EC3-4B30-A45E-987A995F3E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1h\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "2976280F-1B13-45A6-93A2-020F1AE86DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1i\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "B14891F1-CA29-4D9A-9733-C654EB225CF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.5\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0D94A1-59E4-4830-B438-C71AD1C19467",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el servicio hxterm del software HyperFlex de Cisco podr\u00eda permitir a un atacante local no autenticado obtener acceso root a todos los nodos en el cl\u00faster. Esta vulnerabilidad se debe a controles de autenticaci\u00f3n insuficientes. Un atacante podr\u00eda explotar esta vulnerabilidad conect\u00e1ndose al servicio hxterm con usuario local sin privilegios. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante obtenga acceso root a todos los nodos miembro del cl\u00faster HyperFlex. Esta vulnerabilidad afecta a las distribuciones del software HyperFlex de Cisco anteriores a la 3.5(2a)."
    }
  ],
  "id": "CVE-2019-1664",
  "lastModified": "2024-11-21T04:37:02.840",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.4,
        "impactScore": 6.0,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-21T19:29:00.367",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107103"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-287"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.