CVE-2018-15407

{"id": "CVE-2018-15407", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2018-10-05T14:29:09.137", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-info", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-info", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-459"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the installation process of Cisco HyperFlex Software could allow an authenticated, local attacker to read sensitive information. The vulnerability is due to insufficient cleanup of installation files. An attacker could exploit this vulnerability by accessing the residual installation files on an affected system. A successful exploit could allow the attacker to collect sensitive information regarding the configuration of the system."}, {"lang": "es", "value": "Una vulnerabilidad en el proceso de autenticaci\u00f3n en el proceso de instalaci\u00f3n de Cisco HyperFlex Software podr\u00eda permitir que un atacante local autenticado lea informaci\u00f3n sensible. Esta vulnerabilidad se debe a una limpieza de archivos de instalaci\u00f3n insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad accediendo a los archivos residuales de instalaci\u00f3n en un sistema afectado. Su explotaci\u00f3n con \u00e9xito podr\u00eda permitir que el atacante recopile informaci\u00f3n sensible sobre la configuraci\u00f3n del sistema."}], "lastModified": "2024-11-21T03:50:43.440", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:hyperflex_hx_data_platform:3.0\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94607F74-2E39-450A-8DC8-ACB6550FF4EB"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}