CVE-2018-15380
Summary
| CVE | CVE-2018-15380 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-02-20 23:29:00 UTC |
| Updated | 2019-10-09 23:35:00 UTC |
| Description | A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a). |
Risk And Classification
Problem Types: CWE-78
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Cisco | Hyperflex Hx Data Platform | 3.0(1a) | All | All | All |
| Application | Cisco | Hyperflex Hx Data Platform | 3.0\(1a\) | All | All | All |
| Application | Cisco | Hyperflex Hx Data Platform | 3.5(1a) | All | All | All |
| Application | Cisco | Hyperflex Hx Data Platform | 3.5\(1a\) | All | All | All |
| Application | Cisco | Hyperflex Hx Data Platform | 3.0\(1a\) | All | All | All |
| Application | Cisco | Hyperflex Hx Data Platform | 3.5\(1a\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco HyperFlex Software Command Injection Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| Malformed Request | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.