cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2019-1975,https://securityvulnerability.io/vulnerability/CVE-2019-1975,Cisco HyperFlex Software Cross-Frame Scripting Vulnerability,"A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks.",Cisco,Cisco Hyperflex Hx-series,6.5,MEDIUM,0.001230000052601099,false,,false,false,true,2024-08-04T19:16:21.000Z,,false,false,,2019-09-18T00:00:00.000Z,0
CVE-2019-12620,https://securityvulnerability.io/vulnerability/CVE-2019-12620,Cisco HyperFlex Software Counter Value Injection Vulnerability,"A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.",Cisco,Cisco Hyperflex Hx-series,5.3,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-09-17T03:17:15.000Z,,false,false,,2019-09-18T00:00:00.000Z,0
CVE-2019-12621,https://securityvulnerability.io/vulnerability/CVE-2019-12621,Cisco HyperFlex Static SSL Key Vulnerability,"A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.",Cisco,Cisco Hyperflex Hx-series,6.8,MEDIUM,0.001290000043809414,false,,false,false,true,2024-09-17T02:15:52.000Z,,false,false,,2019-08-21T00:00:00.000Z,0
CVE-2019-1958,https://securityvulnerability.io/vulnerability/CVE-2019-1958,Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to follow a malicious link. A successful exploit could allow the attacker to perform arbitrary actions with the privilege level of the affected user.",Cisco,Cisco Hyperflex Hx-series,5.4,MEDIUM,0.001129999989643693,false,,false,false,true,2024-08-04T19:16:20.000Z,,false,false,,2019-08-08T08:15:00.000Z,0
CVE-2019-1857,https://securityvulnerability.io/vulnerability/CVE-2019-1857,Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability,"A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user.",Cisco,Cisco Hyperflex Hx-series,6.1,MEDIUM,0.0011099999537691474,false,,false,false,true,2024-08-04T19:16:14.000Z,,false,false,,2019-05-03T17:29:00.000Z,0
CVE-2019-1665,https://securityvulnerability.io/vulnerability/CVE-2019-1665,Cisco Hyperflex Stored Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco HyperFlex software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected system. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. Versions prior to 3.5(1a) are affected.",Cisco,Cisco Hyperflex Hx-series,4.7,MEDIUM,0.0007099999929778278,false,,false,false,true,2024-08-04T19:16:03.000Z,,false,false,,2019-02-21T19:29:00.000Z,0
CVE-2019-1664,https://securityvulnerability.io/vulnerability/CVE-2019-1664,Cisco HyperFlex Software Unauthenticated Root Access Vulnerability,"A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).",Cisco,Cisco Hyperflex Hx-series,8.1,HIGH,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:03.000Z,,false,false,,2019-02-21T19:29:00.000Z,0
CVE-2019-1666,https://securityvulnerability.io/vulnerability/CVE-2019-1666,Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability,"A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.",Cisco,Cisco Hyperflex Hx-series,5.3,MEDIUM,0.0007900000200606883,false,,false,false,true,2024-08-04T19:16:03.000Z,,false,false,,2019-02-21T19:29:00.000Z,0
CVE-2019-1667,https://securityvulnerability.io/vulnerability/CVE-2019-1667,Cisco HyperFlex Arbitrary Statistics Write Vulnerability,"A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected.",Cisco,Cisco Hyperflex Hx-series,4,MEDIUM,0.0004199999966658652,false,,false,false,true,2024-08-04T19:16:03.000Z,,false,false,,2019-02-21T19:29:00.000Z,0
CVE-2018-15380,https://securityvulnerability.io/vulnerability/CVE-2018-15380,Cisco HyperFlex Software Command Injection Vulnerability,"A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process. A successful exploit could allow the attacker to run commands on the affected host as the root user. This vulnerability affects Cisco HyperFlex Software releases prior to 3.5(2a).",Cisco,Cisco Hyperflex Hx-series,8.8,HIGH,0.0006000000284984708,false,,false,false,true,2024-08-05T10:17:48.000Z,,false,false,,2019-02-20T00:00:00.000Z,0
CVE-2018-15423,https://securityvulnerability.io/vulnerability/CVE-2018-15423,Cisco HyperFlex UI Clickjacking Vulnerability,"A vulnerability in the web UI of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to affect the integrity of a device via a clickjacking attack. The vulnerability is due to insufficient input validation of iFrame data in HTTP requests that are sent to an affected device. An attacker could exploit this vulnerability by sending crafted HTTP packets with malicious iFrame data. A successful exploit could allow the attacker to perform a clickjacking attack where the user is tricked into clicking a malicious link.",Cisco,Cisco Hyperflex Hx-series,4.7,MEDIUM,0.0008800000068731606,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2018-15407,https://securityvulnerability.io/vulnerability/CVE-2018-15407,Cisco HyperFlex World-Readable Sensitive Information Vulnerability,"A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.",Cisco,Cisco Hyperflex Hx-series,5.5,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0
CVE-2018-15382,https://securityvulnerability.io/vulnerability/CVE-2018-15382,Cisco HyperFlex Software Static Signing Key Vulnerability,"A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.",Cisco,Cisco Hyperflex Hx-series,8.6,HIGH,0.0009699999936856329,false,,false,false,false,,,false,false,,2018-10-05T14:29:00.000Z,0