Hyperflex Hx220C M5 Firmware
CVE-2019-12620
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.
AnalysisAI
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-345. A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. Affected products include: Cisco Hyperflex Hx220C M5 Firmware, Cisco Hyperflex Hx240C M5 Firmware, Cisco Hyperflex Hx220C Af M5 Firmware, Cisco Hyperflex Hx240C Af M5 Firmware, Cisco Hyperflex Hx220C Edge M5 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Hyperflex Hx220C M5 Firmware
View allA vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-midd
A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker t
Same technique Code Injection
View allShare
External POC / Exploit Code
Leaving vuln.today