Hyperflex Hx220C M5 Firmware
CVE-2019-12621
HIGH
Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
AnalysisAI
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-320. A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster. Affected products include: Cisco Hyperflex Hx220C M5 Firmware, Cisco Hyperflex Hx240C M5 Firmware, Cisco Hyperflex Hx220C Af M5 Firmware, Cisco Hyperflex Hx240C Af M5 Firmware, Cisco Hyperflex Hx220C Edge M5 Firmware.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Hyperflex Hx220C M5 Firmware
View allA vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker t
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote
Same weakness CWE-320 – Key Management Errors
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today