Unrated severityNVD Advisory· Published Feb 21, 2019· Updated Nov 20, 2024

Cisco HyperFlex Software Unauthenticated Root Access Vulnerability

CVE-2019-1664

Description

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attacker to gain root access to all nodes in the cluster. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by connecting to the hxterm service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster. This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An unauthenticated, local attacker can gain root access to all nodes in a Cisco HyperFlex cluster via the hxterm service due to insufficient authentication controls.

Vulnerability

A vulnerability in the hxterm service of Cisco HyperFlex Software allows an unauthenticated, local attacker to gain root access to all nodes in the cluster. The bug stems from insufficient authentication controls in the service. Affected versions are Cisco HyperFlex Software releases prior to 3.5(2a) [1].

Exploitation

An attacker must have local, non-privileged access to a node in the cluster. The exploit involves connecting to the hxterm service as a local user; no additional authentication is required [1].

Impact

Successful exploitation grants root access to all member nodes of the HyperFlex cluster, allowing full compromise of the cluster [1].

Mitigation

Cisco has released fixed software in version 3.5(2a). Customers should upgrade to this or a later release. No workaround is available [1].

References

Cisco Security Advisory: Cisco HyperFlex Software Unauthenticated Root Access Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./HyperFlex Softwarellm-fuzzy
Range: <3.5(2a)
Cisco Systems, Inc./HyperFlex HX-Seriescpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-chn-root-accessmitrevendor-advisoryx_refsource_CISCO
www.securityfocus.com/bid/107103mitrevdb-entryx_refsource_BID

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000