First published: Fri Oct 05 2018(Updated: )
A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco HyperFlex HX Data Platform | =3.0\(1a\) |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2018-15407 is a vulnerability in the installation process of Cisco HyperFlex Software that could allow an authenticated, local attacker to read sensitive information.
An attacker can exploit CVE-2018-15407 by accessing the residual installation files left behind during the installation process.
The severity of CVE-2018-15407 is medium with a CVSS score of 5.5.
Cisco HyperFlex HX Data Platform version 3.0(1a) is affected by CVE-2018-15407.
To fix CVE-2018-15407, it is recommended to apply the necessary patches or updates provided by Cisco.