Information disclosure in Cisco Hyperflex Hx-series

CVE-2018-15407

A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could e…

Vulnerability class: Information Disclosure

EPSS: 0.001 (19.2th percentile) — read the EPSS interpretation.

Affected products

Cisco Hyperflex Hx-series — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

20181003 Cisco HyperFlex World-Readable Sensitive Information Vulnerability (x_refsource_CISCO, vendor-advisory)