CVE-2019-1666 MEDIUM

CVE-2019-1666: Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability

Vendor Cisco

Product Cisco HyperFlex HX-Series

Weakness CWE-284

Published February 21, 2019

Last update November 19, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality Low

Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.

Key dates

02Disclosure timeline

February 21, 2019 CVE published

November 19, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-1666

Related vulnerabilities

Identifiers

CVE CVE-2019-1666

CWE CWE-284

CVSS 5.3 / MEDIUM

Affected versions