Vulnerability Summary: - A vulnerability in the service of Cisco HyperFlex Software could let an unauthenticated, local attacker gain root access to all nodes in the cluster due to insufficient authentication controls. Vulnerability Details: - Advisory ID: cisco-sa-20190220-chn-root-access - CVE ID: CVE-2019-1664 - CWE ID: CWE-287 - Risk Rating: High - Severity: CVSS Base Score 8.1 - Cisco Bug ID: CSCvk31047 Affected Products: - This vulnerability affects Cisco HyperFlex Software Releases prior to 3.5(2a). Workarounds: - A workaround exists for customers unable to upgrade to a fixed release, contact Cisco Technical Assistance Center (TAC) for coordination. Fixed Software: - The vulnerability is fixed in Cisco HyperFlex Release 3.5(2a), available through the Software Center on Cisco.com. Exploitation and Public Announcements: - No public announcements or malicious use reported as of this advisory. Source: - The vulnerability was discovered during internal security testing.