Cisco Hyperflex Hx Data Platform
Recent Cisco Hyperflex Hx Data Platform Security Advisories
| Advisory | Title | Published |
|---|---|---|
| 2023-09-06 | Cisco HyperFlex HX Data Platform Open Redirect Vulnerability | September 6, 2023 |
| 2021-05-05 | Cisco HyperFlex HX Data Platform File Upload Vulnerability | May 5, 2021 |
By the Year
In 2024 there have been 0 vulnerabilities in Cisco Hyperflex Hx Data Platform . Last year Hyperflex Hx Data Platform had 1 security vulnerability published. Right now, Hyperflex Hx Data Platform is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 6.10 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 6 | 6.68 |
| 2018 | 4 | 6.03 |
It may take a day or so for new Hyperflex Hx Data Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cisco Hyperflex Hx Data Platform Security Vulnerabilities
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could
CVE-2023-20263
6.1 - Medium
- September 06, 2023
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.
Open Redirect
A vulnerability in the web-based management interface of Cisco HyperFlex Software could
CVE-2019-1958
8.8 - High
- August 08, 2019
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.
Session Riding
A vulnerability in the hxterm service of Cisco HyperFlex Software could
CVE-2019-1664
7.8 - High
- February 21, 2019
A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).
Authorization
A vulnerability in the web-based management interface of Cisco HyperFlex software could
CVE-2019-1665
6.1 - Medium
- February 21, 2019
A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected.
XSS
A vulnerability in the Graphite service of Cisco HyperFlex software could
CVE-2019-1666
5.3 - Medium
- February 21, 2019
A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.
Authorization
A vulnerability in the Graphite interface of Cisco HyperFlex software could
CVE-2019-1667
3.3 - Low
- February 21, 2019
A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected.
AuthZ
A vulnerability in the cluster service manager of Cisco HyperFlex Software could
CVE-2018-15380
8.8 - High
- February 20, 2019
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).
Shell injection
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens
CVE-2018-15382
8.6 - High
- October 05, 2018
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.
External Control of Critical State Data
A vulnerability in the installation process of Cisco HyperFlex Software could
CVE-2018-15407
5.5 - Medium
- October 05, 2018
A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
Insufficient Cleanup
A vulnerability in the web UI of Cisco HyperFlex Software could
CVE-2018-15423
4.7 - Medium
- October 05, 2018
A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.
Clickjacking
A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could
CVE-2018-15429
5.3 - Medium
- October 05, 2018
A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data.
AuthZ
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Cisco Hyperflex Hx Data Platform or by Cisco? Click the Watch button to subscribe.
