Cisco HyperFlex Software Unauthenticated Root Access Vulnerability (CVE-2019-1664) – 20th Feb 2019

Preface: HyperFlex is Cisco’s hyper-converged infrastructure (HCI) platform. It enables centralized management and enhanced operational efficiency.

Vulnerability detail:
The vulnerability resides in the hxterm service of the Cisco HyperFlex software package and it can “allow an unauthenticated, local attacker to gain root access to all nodes in the cluster,” said Cisco.

Consider the following scenario:
You can log in to the HX Data Platform command line interface in the Storage Controller VM in the following ways: from a browser, from a CLI terminal (SSH), or from the HX Connect Web CLI page.

OpenSSH can forward TCP sockets and UNIX domain sockets. If privilege separation is disabled, then on the server side the forwarding is handled by a child of sshd that has root privileges. An attacker who is permitted to log in as a normal user over SSH can then use “ssh -L” to connect to non-abstract UNIX domain sockets with root privileges.
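A defender can check an sshd_config for the condition described above. The following is an added example, not code from Cisco or from this post; it assumes the standard OpenSSH keywords UsePrivilegeSeparation and AllowStreamLocalForwarding, uses hypothetical function names, reads only the global section (Match blocks are not evaluated), and runs on constructed sample configurations.

```python
import re

# sshd_config defaults assumed when a keyword is absent.
DEFAULTS = {"useprivilegeseparation": "yes", "allowstreamlocalforwarding": "yes"}

def effective_global(text):
    """Global-section settings; sshd keeps the first value it reads per keyword."""
    seen = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"\s*=\s*|\s+", line, maxsplit=1)
        key = parts[0].lower()                # keywords are case-insensitive
        if key == "match":                    # Match blocks are not evaluated here
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)
    return {k: seen.get(k, d) for k, d in DEFAULTS.items()}

def audit(text):
    """Return findings for the root-handled UNIX socket forwarding condition."""
    cfg = effective_global(text)
    privsep_off = cfg["useprivilegeseparation"] == "no"
    # "ssh -L" is local forwarding: permitted by yes, all or local.
    local_fwd = cfg["allowstreamlocalforwarding"] in ("yes", "all", "local")
    if privsep_off and local_fwd:
        return ["privsep disabled and stream-local forwarding allowed: "
                "forwarded UNIX sockets are opened by a root sshd child"]
    if privsep_off:
        return ["privsep disabled (stream-local forwarding for -L is off)"]
    return []

# Constructed sample configurations, not taken from any HyperFlex system.
WEAK = """\
Port 22
UsePrivilegeSeparation no
Match User backup
    AllowStreamLocalForwarding no
"""
HARDENED = """\
UsePrivilegeSeparation sandbox
AllowStreamLocalForwarding no
"""

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(conf) or "no findings")
```

Either enabling privilege separation or setting AllowStreamLocalForwarding to no clears the first finding in this check.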

Remedy: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-access
