ID

VAR-201902-0551


CVE

CVE-2018-15380


TITLE

OS command injection vulnerability in Cisco HyperFlex Software

Trust: 0.8

sources: JVNDB: JVNDB-2018-014615

DESCRIPTION

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a). Cisco HyperFlex Software contains an OS command injection vulnerability. Information may be obtained, information may be altered, and service operation may be disrupted (DoS). This issue is being tracked by Cisco Bug ID CSCvj95606. The HyperFlex system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services.

Trust: 1.98

sources: NVD: CVE-2018-15380 // JVNDB: JVNDB-2018-014615 // BID: 107095 // VULHUB: VHN-125634

AFFECTED PRODUCTS

vendor: cisco, model: hyperflex hx data platform, scope: eq, version: 3.5(1a)

Trust: 1.0

vendor: cisco, model: hyperflex hx data platform, scope: eq, version: 3.0(1a)

Trust: 1.0

vendor: cisco, model: hyperflex, scope: lt, version: 3.5(2a)

Trust: 0.8

vendor: cisco, model: hyperflex software 3.5, scope: -, version: -

Trust: 0.3

vendor: cisco, model: hyperflex software 3.0, scope: -, version: -

Trust: 0.3

vendor: cisco, model: hyperflex software 3.5, scope: ne, version: -

Trust: 0.3

sources: BID: 107095 // JVNDB: JVNDB-2018-014615 // NVD: CVE-2018-15380

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2018-15380
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2018-15380
value: HIGH

Trust: 1.0

NVD: CVE-2018-15380
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201902-773
value: HIGH

Trust: 0.6

VULHUB: VHN-125634
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2018-15380
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-125634
severity: HIGH
baseScore: 8.3
vectorString: AV:A/AC:L/AU:N/C:C/I:C/A:C
accessVector: ADJACENT_NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 6.5
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2018-15380
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: ADJACENT
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.0

Trust: 2.8

sources: VULHUB: VHN-125634 // JVNDB: JVNDB-2018-014615 // CNNVD: CNNVD-201902-773 // NVD: CVE-2018-15380 // NVD: CVE-2018-15380

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.9

sources: VULHUB: VHN-125634 // JVNDB: JVNDB-2018-014615 // NVD: CVE-2018-15380

THREAT TYPE

remote or local

Trust: 0.6

sources: CNNVD: CNNVD-201902-773

TYPE

operating system command injection

Trust: 0.6

sources: CNNVD: CNNVD-201902-773

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-014615

PATCH

title: cisco-sa-20190220-hyperflex-injection, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection

Trust: 0.8

title: Cisco HyperFlex Software Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89570

Trust: 0.6

sources: JVNDB: JVNDB-2018-014615 // CNNVD: CNNVD-201902-773

EXTERNAL IDS

db: NVD, id: CVE-2018-15380

Trust: 2.8

db: BID, id: 107095

Trust: 2.0

db: JVNDB, id: JVNDB-2018-014615

Trust: 0.8

db: CNNVD, id: CNNVD-201902-773

Trust: 0.7

db: NSFOCUS, id: 42807

Trust: 0.6

db: AUSCERT, id: ESB-2019.0532.3

Trust: 0.6

db: VULHUB, id: VHN-125634

Trust: 0.1

sources: VULHUB: VHN-125634 // BID: 107095 // JVNDB: JVNDB-2018-014615 // CNNVD: CNNVD-201902-773 // NVD: CVE-2018-15380

REFERENCES

url:http://www.securityfocus.com/bid/107095

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-hyperflex-injection

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2018-15380

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-15380

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-hyper-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-hyper-retrieve

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-chn-root-access

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-hyper-write

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75874

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.0532.3/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/42807

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-125634 // BID: 107095 // JVNDB: JVNDB-2018-014615 // CNNVD: CNNVD-201902-773 // NVD: CVE-2018-15380

CREDITS

This vulnerability was found during internal security testing.; Cisco ??; The vendor reported this issue.

Trust: 0.6

sources: CNNVD: CNNVD-201902-773

SOURCES

db: VULHUB, id: VHN-125634
db: BID, id: 107095
db: JVNDB, id: JVNDB-2018-014615
db: CNNVD, id: CNNVD-201902-773
db: NVD, id: CVE-2018-15380

LAST UPDATE DATE

2024-11-23T21:52:30.310000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-125634, date: 2019-10-09T00:00:00
db: BID, id: 107095, date: 2019-02-20T00:00:00
db: JVNDB, id: JVNDB-2018-014615, date: 2019-03-29T00:00:00
db: CNNVD, id: CNNVD-201902-773, date: 2019-10-24T00:00:00
db: NVD, id: CVE-2018-15380, date: 2024-11-21T03:50:39.917

SOURCES RELEASE DATE

db: VULHUB, id: VHN-125634, date: 2019-02-20T00:00:00
db: BID, id: 107095, date: 2019-02-20T00:00:00
db: JVNDB, id: JVNDB-2018-014615, date: 2019-03-29T00:00:00
db: CNNVD, id: CNNVD-201902-773, date: 2019-02-20T00:00:00
db: NVD, id: CVE-2018-15380, date: 2019-02-20T23:29:00.193