3.0(1A)

CVSS 5.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

cisco

CWE-862

NVD

Published: 2018-10-05

Updated: 2020-09-16

Summary

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data.

Vulnerable Configurations

Part	Description	Count
Application	Cisco Cisco Hyperflex HX Data Platform 3.0\(1A\) Cisco Hyperflex HX Data Platform 2.6\(1D\)	2

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-uda