ID

VAR-201902-0856


CVE

CVE-2019-1667


TITLE

Vulnerability related to insufficient verification of data reliability in Cisco HyperFlex software

Trust: 0.8

sources: JVNDB: JVNDB-2019-001941

DESCRIPTION

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected. Cisco HyperFlex software is vulnerable to insufficient validation of data reliability. Information may be tampered with. Cisco HyperFlex is prone to an arbitrary file-overwrite vulnerability. Attackers can overwrite arbitrary files on an unsuspecting user's computer in the context of the vulnerable application. This issue is being tracked by Cisco Bug ID CSCvj95590. Cisco HyperFlex Software is a set of scalable distributed file systems from Cisco. The system provides unified computing, storage and network through cloud management, and provides enterprise-level data management and optimization services.

Trust: 1.98

sources: NVD: CVE-2019-1667 // JVNDB: JVNDB-2019-001941 // BID: 107100 // VULHUB: VHN-148839

AFFECTED PRODUCTS

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 2.6\(1e\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.5\(1a\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.0\(1b\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.0\(1d\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 2.6\(1a\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.0\(1e\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.0\(1h\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.0\(1i\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.0\(1c\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 3.0\(1a\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 2.6\(1d\)

Trust: 1.0

vendor: cisco // model: hyperflex hx data platform // scope: eq // version: 2.6\(1b\)

Trust: 1.0

vendor: cisco // model: hyperflex // scope: lt // version: 3.5(2a)

Trust: 0.8

vendor: cisco // model: hyperflex software 3.0 // scope: - // version: -

Trust: 0.3

vendor: cisco // model: hyperflex software 3.5 // scope: ne // version: -

Trust: 0.3

sources: BID: 107100 // JVNDB: JVNDB-2019-001941 // NVD: CVE-2019-1667

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2019-1667
value: LOW

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1667
value: MEDIUM

Trust: 1.0

NVD: CVE-2019-1667
value: LOW

Trust: 0.8

CNNVD: CNNVD-201902-796
value: LOW

Trust: 0.6

VULHUB: VHN-148839
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2019-1667
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-148839
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:N/I:P/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2019-1667
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2019-1667
baseSeverity: MEDIUM
baseScore: 4.0
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.5
impactScore: 1.4
version: 3.0

Trust: 1.0

NVD: CVE-2019-1667
baseSeverity: LOW
baseScore: 3.3
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-148839 // JVNDB: JVNDB-2019-001941 // CNNVD: CNNVD-201902-796 // NVD: CVE-2019-1667 // NVD: CVE-2019-1667

PROBLEMTYPE DATA

problemtype:CWE-345

Trust: 1.9

problemtype:CWE-863

Trust: 1.0

sources: VULHUB: VHN-148839 // JVNDB: JVNDB-2019-001941 // NVD: CVE-2019-1667

THREAT TYPE

local

Trust: 0.9

sources: BID: 107100 // CNNVD: CNNVD-201902-796

TYPE

data forgery

Trust: 0.6

sources: CNNVD: CNNVD-201902-796

CONFIGURATIONS

sources: JVNDB: JVNDB-2019-001941

PATCH

title: cisco-sa-20190220-hyper-write // url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-write

Trust: 0.8

title: Cisco HyperFlex software Repairs for insufficiently validated data reliability vulnerabilities // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=89590

Trust: 0.6

sources: JVNDB: JVNDB-2019-001941 // CNNVD: CNNVD-201902-796

EXTERNAL IDS

db: NVD // id: CVE-2019-1667

Trust: 2.8

db: BID // id: 107100

Trust: 2.0

db: JVNDB // id: JVNDB-2019-001941

Trust: 0.8

db: CNNVD // id: CNNVD-201902-796

Trust: 0.7

db: NSFOCUS // id: 42793

Trust: 0.6

db: AUSCERT // id: ESB-2019.0532.3

Trust: 0.6

db: VULHUB // id: VHN-148839

Trust: 0.1

sources: VULHUB: VHN-148839 // BID: 107100 // JVNDB: JVNDB-2019-001941 // CNNVD: CNNVD-201902-796 // NVD: CVE-2019-1667

REFERENCES

url:http://www.securityfocus.com/bid/107100

Trust: 2.3

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-hyper-write

Trust: 2.0

url:https://nvd.nist.gov/vuln/detail/cve-2019-1667

Trust: 1.4

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-1667

Trust: 0.8

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-hyper-xss

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-hyper-retrieve

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-chn-root-access

Trust: 0.6

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-20190220-hyperflex-injection

Trust: 0.6

url:https://www.auscert.org.au/bulletins/75874

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2019.0532.3/

Trust: 0.6

url:http://www.nsfocus.net/vulndb/42793

Trust: 0.6

url:http://www.cisco.com/

Trust: 0.3

sources: VULHUB: VHN-148839 // BID: 107100 // JVNDB: JVNDB-2019-001941 // CNNVD: CNNVD-201902-796 // NVD: CVE-2019-1667

CREDITS

This vulnerability was found during internal security testing. // Cisco // vendor

Trust: 0.6

sources: CNNVD: CNNVD-201902-796

SOURCES

db: VULHUB // id: VHN-148839
db: BID // id: 107100
db: JVNDB // id: JVNDB-2019-001941
db: CNNVD // id: CNNVD-201902-796
db: NVD // id: CVE-2019-1667

LAST UPDATE DATE

2024-11-23T21:52:30.348000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-148839 // date: 2019-10-09T00:00:00
db: BID // id: 107100 // date: 2019-02-20T00:00:00
db: JVNDB // id: JVNDB-2019-001941 // date: 2019-03-29T00:00:00
db: CNNVD // id: CNNVD-201902-796 // date: 2021-10-29T00:00:00
db: NVD // id: CVE-2019-1667 // date: 2024-11-21T04:37:03.273

SOURCES RELEASE DATE

db: VULHUB // id: VHN-148839 // date: 2019-02-21T00:00:00
db: BID // id: 107100 // date: 2019-02-20T00:00:00
db: JVNDB // id: JVNDB-2019-001941 // date: 2019-03-29T00:00:00
db: CNNVD // id: CNNVD-201902-796 // date: 2019-02-21T00:00:00
db: NVD // id: CVE-2019-1667 // date: 2019-02-21T19:29:00.507