Unrated severityNVD Advisory· Published Feb 21, 2019· Updated Nov 19, 2024

Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability

CVE-2019-1666

Description

A vulnerability in the Graphite service of Cisco HyperFlex software could allow an unauthenticated, remote attacker to retrieve data from the Graphite service. The vulnerability is due to insufficient authentication controls. An attacker could exploit this vulnerability by sending crafted requests to the Graphite service. A successful exploit could allow the attacker to retrieve any statistics from the Graphite service. Versions prior to 3.5(2a) are affected.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cisco HyperFlex Graphite service allows unauthenticated remote attackers to retrieve statistics due to insufficient authentication, affecting versions prior to 3.5(2a).

Vulnerability

The Graphite service in Cisco HyperFlex software versions prior to 3.5(2a) lacks sufficient authentication controls, allowing unauthenticated remote attackers to access the service. The vulnerability resides in the Graphite component and requires no special configuration to be reachable. [1]

Exploitation

An attacker can exploit this vulnerability by sending crafted requests to the Graphite service from any network position. No authentication or user interaction is required. The attacker simply needs network access to the targeted HyperFlex system.

Impact

Successful exploitation allows the attacker to retrieve any statistics collected by the Graphite service, leading to unauthorized disclosure of sensitive metrics and system information.

Mitigation

Cisco has released software updates to address this vulnerability. Users should upgrade to version 3.5(2a) or later. No workarounds are available. [1]

References

Cisco Security Advisory: Cisco HyperFlex Unauthenticated Statistics Retrieval Vulnerability

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Cisco Systems, Inc./HyperFlex HXllm-fuzzy
Range: <3.5(2a)
Cisco Systems, Inc./HyperFlex HX-Seriescpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-hyper-retrievemitrevendor-advisoryx_refsource_CISCO
www.securityfocus.com/bid/107108mitrevdb-entryx_refsource_BID

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000