Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.4
CVSSv3

CVE-2019-12621

Published: 21/08/2019 Updated: 28/10/2021
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Hyperflex Hx220c M5 Firmware

Vulnerability Summary

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote malicious user to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the malicious user to perform a man-in-the-middle attack against other nodes in the cluster.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

cisco hyperflex_hx220c_m5_firmware 3.0\\(1a\\)

cisco hyperflex_hx220c_m5_firmware 3.5\\(2a\\)

cisco hyperflex_hx240c_m5_firmware 3.0\\(1a\\)

cisco hyperflex_hx240c_m5_firmware 3.5\\(2a\\)

cisco hyperflex_hx220c_af_m5_firmware 3.5\\(2a\\)

cisco hyperflex_hx220c_af_m5_firmware 3.0\\(1a\\)

cisco hyperflex_hx240c_af_m5_firmware 3.0\\(1a\\)

cisco hyperflex_hx240c_af_m5_firmware 3.5\\(2a\\)

cisco hyperflex_hx220c_edge_m5_firmware 3.0\\(1a\\)

cisco hyperflex_hx220c_edge_m5_firmware 3.5\\(2a\\)

Vendor Advisories

Cisco: Cisco HyperFlex Static SSL Key Vulnerability
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack The vulnerability is due to insufficient key management An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster A successful exploit could allow the attacker to perform a ma ...

References

CWE-327https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkeyhttps://nvd.nist.govhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook