What is CVE-2018-15380?

CVE-2018-15380 is a high-severity vulnerability in Cisco Hyperflex Hx-series, classified under OS Command Injection. CVSS score: 8.8/10. Published 2019-02-20.

How severe is CVE-2018-15380?

High severity. CVSS v3 base score is 8.8 out of 10.

RCE in Cisco Hyperflex Hx-series

CVE-2018-15380

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adjacent attacker to execute commands as the root user. The vulnerability is due to insufficient input validation. An attacker could…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.002 (37.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Cisco Hyperflex Hx-series — versions unspecified

Weakness classification (CWE)

CWE-78 — OS Command Injection

References

107095 (vdb-entry, x_refsource_BID)
20190220 Cisco HyperFlex Software Command Injection Vulnerability (x_refsource_CISCO, vendor-advisory)

Frequently asked questions

What is CVE-2018-15380?: CVE-2018-15380 is a high-severity vulnerability in Cisco Hyperflex Hx-series, classified under OS Command Injection. CVSS score: 8.8/10. Published 2019-02-20.
How severe is CVE-2018-15380?: High severity. CVSS v3 base score is 8.8 out of 10.