CVE-2019-1664 HIGH

CVE-2019-1664: Cisco HyperFlex Software Unauthenticated Root Access Vulnerability

Vendor Cisco
Product Cisco HyperFlex HX-Series
Weakness CWE-284
Published February 21, 2019
Last update November 20, 2024

CVSS base score

8.1/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).

Key dates

02Disclosure timeline

February 21, 2019 CVE published
November 20, 2024 Record updated