What is CVE-2019-1664?

CVE-2019-1664 is a high-severity vulnerability in Cisco Hyperflex Hx-series, classified under Improper Access Control. CVSS score: 8.1/10. Published 2019-02-21.

How severe is CVE-2019-1664?

High severity. CVSS v3 base score is 8.1 out of 10.

Vulnerability in Cisco Hyperflex Hx-series

CVE-2019-1664

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker…

EPSS: 0.004 (61.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.1 (High). Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Cisco Hyperflex Hx-series — versions unspecified

Weakness classification (CWE)

CWE-284 — Improper Access Control

References

20190220 Cisco HyperFlex Software Unauthenticated Root Access Vulnerability (vendor-advisory, x_refsource_CISCO)
107103 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2019-1664?: CVE-2019-1664 is a high-severity vulnerability in Cisco Hyperflex Hx-series, classified under Improper Access Control. CVSS score: 8.1/10. Published 2019-02-21.
How severe is CVE-2019-1664?: High severity. CVSS v3 base score is 8.1 out of 10.