Details of VAR-201810-0623

ID

VAR-201810-0623

CVE

CVE-2018-15407

TITLE

Cisco HyperFlex Information disclosure vulnerability in software

Trust: 0.8

sources: JVNDB: JVNDB-2018-012120

DESCRIPTION

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system. Cisco HyperFlex The software contains an information disclosure vulnerability.Information may be obtained. This issue is being tracked by Cisco bug ID CSCvk59406. Cisco HyperFlex Software is a set of scalable distributed file system of Cisco (Cisco). The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services

Trust: 1.98

sources: NVD: CVE-2018-15407 // JVNDB: JVNDB-2018-012120 // BID: 105698 // VULHUB: VHN-125663

AFFECTED PRODUCTS

vendor:	cisco	model:	hyperflex hx data platform	scope:	eq	version:	3.0\(1a\)	Trust: 1.6
vendor:	cisco	model:	hyperflex	scope:	-	version:	-	Trust: 0.8
vendor:	cisco	model:	hyperflex software	scope:	eq	version:	0	Trust: 0.3

sources: BID: 105698 // JVNDB: JVNDB-2018-012120 // CNNVD: CNNVD-201810-198 // NVD: CVE-2018-15407

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2018-15407
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2018-15407
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201810-198
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-125663
value:	LOW
Trust: 0.1

nvd@nist.gov:	CVE-2018-15407
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-125663
severity:	LOW
baseScore:	2.1
vectorString:	AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2018-15407
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	1.8
impactScore:	3.6
version:	3.1
Trust: 1.0
NVD:	CVE-2018-15407
baseSeverity:	MEDIUM
baseScore:	5.5
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-125663 // JVNDB: JVNDB-2018-012120 // CNNVD: CNNVD-201810-198 // NVD: CVE-2018-15407

PROBLEMTYPE DATA

problemtype:	CWE-200	Trust: 1.9
problemtype:	CWE-459	Trust: 1.1

sources: VULHUB: VHN-125663 // JVNDB: JVNDB-2018-012120 // NVD: CVE-2018-15407

THREAT TYPE

local

Trust: 0.9

sources: BID: 105698 // CNNVD: CNNVD-201810-198

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201810-198

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-012120

PATCH

title:	cisco-sa-20181003-hyperflex-info	url:	https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-info	Trust: 0.8
title:	Cisco HyperFlex Software Repair measures for information disclosure vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=85412	Trust: 0.6

sources: JVNDB: JVNDB-2018-012120 // CNNVD: CNNVD-201810-198

EXTERNAL IDS

db:	NVD	id:	CVE-2018-15407	Trust: 2.8
db:	JVNDB	id:	JVNDB-2018-012120	Trust: 0.8
db:	CNNVD	id:	CNNVD-201810-198	Trust: 0.7
db:	BID	id:	105698	Trust: 0.3
db:	VULHUB	id:	VHN-125663	Trust: 0.1

sources: VULHUB: VHN-125663 // BID: 105698 // JVNDB: JVNDB-2018-012120 // CNNVD: CNNVD-201810-198 // NVD: CVE-2018-15407

REFERENCES

url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20181003-hyperflex-info	Trust: 2.0
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15407	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2018-15407	Trust: 0.8
url:	http://www.cisco.com/	Trust: 0.3

sources: VULHUB: VHN-125663 // BID: 105698 // JVNDB: JVNDB-2018-012120 // CNNVD: CNNVD-201810-198 // NVD: CVE-2018-15407

CREDITS

Cisco

Trust: 0.3

sources: BID: 105698

SOURCES

db:	VULHUB	id:	VHN-125663
db:	BID	id:	105698
db:	JVNDB	id:	JVNDB-2018-012120
db:	CNNVD	id:	CNNVD-201810-198
db:	NVD	id:	CVE-2018-15407

LAST UPDATE DATE

2024-11-23T22:12:18.963000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-125663	date:	2020-08-31T00:00:00
db:	BID	id:	105698	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-012120	date:	2019-01-30T00:00:00
db:	CNNVD	id:	CNNVD-201810-198	date:	2020-09-02T00:00:00
db:	NVD	id:	CVE-2018-15407	date:	2024-11-21T03:50:43.440

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-125663	date:	2018-10-05T00:00:00
db:	BID	id:	105698	date:	2018-10-03T00:00:00
db:	JVNDB	id:	JVNDB-2018-012120	date:	2019-01-30T00:00:00
db:	CNNVD	id:	CNNVD-201810-198	date:	2018-10-08T00:00:00
db:	NVD	id:	CVE-2018-15407	date:	2018-10-05T14:29:09.137