ID

VAR-201810-0599


CVE

CVE-2018-15429


TITLE

Information disclosure vulnerability in Cisco HyperFlex HX Data Platform Software

Trust: 0.8

sources: JVNDB: JVNDB-2018-012118

DESCRIPTION

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input validation and authorization of HTTP requests. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web-based UI of an affected system. A successful exploit could allow the attacker to access files that may contain sensitive data. This may lead to further attacks. This issue is being tracked by Cisco bug ID CSCvi48372. The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services.

Trust: 1.98

sources: NVD: CVE-2018-15429 // JVNDB: JVNDB-2018-012118 // BID: 105943 // VULHUB: VHN-125687

AFFECTED PRODUCTS

vendor: cisco, model: hyperflex hx data platform, scope: eq, version: 3.0(1a)

Trust: 1.6

vendor: cisco, model: hyperflex hx data platform, scope: eq, version: 2.6(1d)

Trust: 1.6

vendor: cisco, model: hyperflex, scope: -, version: -

Trust: 0.8

vendor: cisco, model: hyperflex hx data platform software, scope: eq, version: 0

Trust: 0.3

sources: BID: 105943 // JVNDB: JVNDB-2018-012118 // CNNVD: CNNVD-201810-216 // NVD: CVE-2018-15429

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15429
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-15429
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201810-216
value: MEDIUM

Trust: 0.6

VULHUB: VHN-125687
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2018-15429
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125687
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15429
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 1.0

NVD: CVE-2018-15429
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-125687 // JVNDB: JVNDB-2018-012118 // CNNVD: CNNVD-201810-216 // NVD: CVE-2018-15429

PROBLEMTYPE DATA

problemtype:CWE-862

Trust: 1.1

problemtype:CWE-20

Trust: 1.0

problemtype:CWE-200

Trust: 0.9

sources: VULHUB: VHN-125687 // JVNDB: JVNDB-2018-012118 // NVD: CVE-2018-15429

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201810-216

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-216

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012118

PATCH

title: cisco-sa-20181003-hyperflex-uda, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-uda

Trust: 0.8

title: Cisco HyperFlex HX Data Platform Software Enter the fix for the verification vulnerability, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85430

Trust: 0.6

sources: JVNDB: JVNDB-2018-012118 // CNNVD: CNNVD-201810-216

EXTERNAL IDS

db: NVD, id: CVE-2018-15429

Trust: 2.8

db: JVNDB, id: JVNDB-2018-012118

Trust: 0.8

db: CNNVD, id: CNNVD-201810-216

Trust: 0.7

db: BID, id: 105943

Trust: 0.3

db: VULHUB, id: VHN-125687

Trust: 0.1

sources: VULHUB: VHN-125687 // BID: 105943 // JVNDB: JVNDB-2018-012118 // CNNVD: CNNVD-201810-216 // NVD: CVE-2018-15429

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-hyperflex-uda

Trust: 2.0

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15429

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2018-15429

Trust: 0.8

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125687 // BID: 105943 // JVNDB: JVNDB-2018-012118 // CNNVD: CNNVD-201810-216 // NVD: CVE-2018-15429

CREDITS

Cisco

Trust: 0.3

sources: BID: 105943

SOURCES

db: VULHUB, id: VHN-125687
db: BID, id: 105943
db: JVNDB, id: JVNDB-2018-012118
db: CNNVD, id: CNNVD-201810-216
db: NVD, id: CVE-2018-15429

LAST UPDATE DATE

2024-11-23T22:41:40.166000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125687, date: 2020-09-16T00:00:00
db: BID, id: 105943, date: 2018-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-012118, date: 2019-01-30T00:00:00
db: CNNVD, id: CNNVD-201810-216, date: 2020-09-17T00:00:00
db: NVD, id: CVE-2018-15429, date: 2024-11-21T03:50:46.663

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125687, date: 2018-10-05T00:00:00
db: BID, id: 105943, date: 2018-10-03T00:00:00
db: JVNDB, id: JVNDB-2018-012118, date: 2019-01-30T00:00:00
db: CNNVD, id: CNNVD-201810-216, date: 2018-10-08T00:00:00
db: NVD, id: CVE-2018-15429, date: 2018-10-05T14:29:11.670