CVE-2019-1667 — Vulnetix

CVE-2019-1667 PUBLISHED CVSS 4 MEDIUM

A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected.

EPSS 0.03% · 8.6th percentile

Risk Scores

CVSS 3.0

CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS Score

0.03%

8.6th percentile

Affected Products

Vendor	Product	Versions
Cisco	Cisco HyperFlex HX-Series	*
cisco	hyperflex_hx_data_platform	2.6\(1b\), 2.6\(1d\), 2.6\(1e\)

Exploit Intelligence

20190220 Cisco HyperFlex Arbitrary Statistics Write Vulnerability (circl)
107100 (circl)

Timeline

Feb 21, 2019 CVE Published
Apr 14, 2021 EPSS Score
Jun 23, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 26, 2021 EPSS Score
Dec 27, 2021 EPSS Score
Feb 28, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 3, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Nov 6, 2022 EPSS Score

References

20190220 Cisco HyperFlex Arbitrary Statistics Write Vulnerability vendor-advisory
107100 vdb
https://nvd.nist.gov/vuln/detail/CVE-2019-1667 advisory

Open in Interactive Console →