A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107095 | Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyperflex-injection | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2019-02-20T00:00:00
Updated: 2019-02-21T10:57:01
Reserved: 2018-08-17T00:00:00
Link: CVE-2018-15380
JSON object: View
NVD Information
Status : Modified
Published: 2019-02-20T23:29:00.193
Modified: 2019-10-09T23:35:29.437
Link: CVE-2018-15380
JSON object: View
Redhat Information
No data.
CWE