fkie_cve-2019-12621
Vulnerability from fkie_nvd
Published
2019-08-21 18:15
Modified
2024-11-21 04:23
Severity ?
7.4 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
References
psirt@cisco.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkeyVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkeyVendor Advisory
Impacted products
Vendor Product Version
cisco hyperflex_hx220c_m5_firmware 3.0\(1a\)
cisco hyperflex_hx220c_m5_firmware 3.5\(2a\)
cisco hyperflex_hx220c_m5 -
cisco hyperflex_hx240c_m5_firmware 3.0\(1a\)
cisco hyperflex_hx240c_m5_firmware 3.5\(2a\)
cisco hyperflex_hx240c_m5 -
cisco hyperflex_hx220c_af_m5_firmware 3.0\(1a\)
cisco hyperflex_hx220c_af_m5_firmware 3.5\(2a\)
cisco hyperflex_hx220c_af_m5 -
cisco hyperflex_hx240c_af_m5_firmware 3.0\(1a\)
cisco hyperflex_hx240c_af_m5_firmware 3.5\(2a\)
cisco hyperflex_hx240c_af_m5 -
cisco hyperflex_hx220c_edge_m5_firmware 3.0\(1a\)
cisco hyperflex_hx220c_edge_m5_firmware 3.5\(2a\)
cisco hyperflex_hx220c_edge_m5 -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "58FC3EAE-8782-4B0E-9A4E-44992AC084C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "178FAB77-1990-4E88-B807-B4D894009AFD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E19D6AF-E190-463D-B359-BB02362490D1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "CC9E6658-E058-4A76-9793-1A2DEB361A2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "90FA83FB-2D2E-4456-8362-9C5046346107",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5009EC3A-40C9-44B0-8E5E-599657F819FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "5E0F3A0F-5A96-425F-9885-D0EFDB3A57B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "E03529C2-1F95-4392-8845-68250211476B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D5AFDE1-3A3B-4AF8-A425-492558B0B2EA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "BAD7F4B8-8287-4962-BA46-394F34ECC3BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "22F1CD5A-59FD-4F15-97DB-3FB7AF169E11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF775A8-5A2C-42B7-B26C-85921D803A25",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "8FF29A95-E8D3-4299-AE77-B7A349A9389F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*",
              "matchCriteriaId": "10CD6BC0-5CE5-43C9-B078-28D12EFAFBA2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B38E0BA-D320-406B-8739-6218B96DFD24",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el software Cisco HyperFlex podr\u00eda permitir que un atacante remoto no autenticado realice un ataque man-in-the-middle. La vulnerabilidad se debe a una gesti\u00f3n de claves insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad al obtener una clave de cifrado espec\u00edfica para el cl\u00faster. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar un ataque de hombre en el medio contra otros nodos en el cl\u00faster."
    }
  ],
  "id": "CVE-2019-12621",
  "lastModified": "2024-11-21T04:23:12.397",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.2,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-21T18:15:13.353",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-320"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-327"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.