CVE-2018-15380

CVE Database · CVE-2018-15380

CVE-2018-15380

· N/AModified

CVSS v3.1

N/A

EPSS

1.13%

Published

Feb 20, 2019

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).

Weaknesses (CWE)

CWE-78CWE-78

Affected Products (2)

cisco · hyperflex_hx_data_platformvulnerable

References (4)

http://www.securityfocus.com/bid/107095

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection

Vendor Advisory

http://www.securityfocus.com/bid/107095

Third Party AdvisoryVDB Entry

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs