admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2019/CVE-2019-16xx/CVE-2019-1667.json
René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

199 lines
7.2 KiB
JSON
Raw Blame History

{
"id": "CVE-2019-1667",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2019-02-21T19:29:00.507",
"lastModified": "2021-10-28T13:40:21.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Graphite interface of Cisco HyperFlex software could allow an authenticated, local attacker to write arbitrary data to the Graphite interface. The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by connecting to the Graphite service and sending arbitrary data. A successful exploit could allow the attacker to write arbitrary data to Graphite, which could result in invalid statistics being presented in the interface. Versions prior to 3.5(2a) are affected."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz Graphite del software HyperFlex de Cisco podr\u00eda permitir a un atacante local autenticado escribir datos arbitrarios en la interfaz Graphite. Esta vulnerabilidad se debe a controles de autorizaci\u00f3n insuficientes. Un atacante podr\u00eda explotar esta vulnerabilidad conect\u00e1ndose al servicio Graphite y enviando datos arbitrarios. Un exploit exitoso podr\u00eda permitir al atacante escribir datos arbitrarios en Graphite, lo que podr\u00eda conducir a la existencia de estad\u00edsticas inv\u00e1lidas en la interfaz. Todas las versiones anteriores a la 3.5(2a) se ven afectadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 2.1
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0D56AD98-9D0D-4ECA-8766-4F19A33F954D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "1CEF2FCB-304F-4BDE-9668-C610ECBC2EBD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "F4F1BF1D-5DC7-4F8A-BC50-D5ED26D4C015"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:2.6\\(1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "9831733F-FD4F-4603-B5E9-F4C87214E8AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "FF61D59F-2C04-4210-87C4-9F6C11EEAC7B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1b\\):*:*:*:*:*:*:*",
"matchCriteriaId": "0E56E757-9DDB-49E1-A00A-1EFFB751E3D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1c\\):*:*:*:*:*:*:*",
"matchCriteriaId": "BD4BC158-9304-4C85-B054-549083B6A7F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1d\\):*:*:*:*:*:*:*",
"matchCriteriaId": "158B80ED-1BB9-44AE-A321-F313F25062D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1e\\):*:*:*:*:*:*:*",
"matchCriteriaId": "DB7222C3-1EC3-4B30-A45E-987A995F3E7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1h\\):*:*:*:*:*:*:*",
"matchCriteriaId": "2976280F-1B13-45A6-93A2-020F1AE86DA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.0\\(1i\\):*:*:*:*:*:*:*",
"matchCriteriaId": "B14891F1-CA29-4D9A-9733-C654EB225CF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:3.5\\(1a\\):*:*:*:*:*:*:*",
"matchCriteriaId": "7C0D94A1-59E4-4830-B438-C71AD1C19467"
}
]
}
]
}
],
"references": [
{
"url": "http://www.securityfocus.com/bid/107100",
"source": "ykramarz@cisco.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-write",
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink