CVE-2018-15380
moderate-risk
Published 2019-02-20
A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).
Do I need to act?
-
0.17% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
ADJACENT_NETWORK
/ LOW complexity
Affected Products (2)
Affected Vendors
References (4)
Third Party Advisory
http://www.securityfocus.com/bid/107095
Third Party Advisory
http://www.securityfocus.com/bid/107095
35
/ 100
moderate-risk
Severity
27/34 · High
Exploitability
1/34 · Minimal
Exposure
7/34 · Low