239 matches found
Cisco HyperFlex Software Counter Value Injection Vulnerability
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could explo...
The vulnerability in the web interface of Cisco HyperFlex’s hyper-converged infrastructure allows a attacker to perform arbitrary actions on a vulnerable device using a specially crafted link.
The vulnerability of the web interface for managing Cisco HyperFlex infrastructure is related to errors in authenticating the requests being executed. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions on the vulnerable device using a specially crafted link...
The vulnerability of the Cisco HyperFlex hyper-converged infrastructure, related to errors in managing cryptographic keys, allows a perpetrator to execute a “man-in-the-middle” type attack.
The vulnerability of the Cisco HyperFlex hyper-converged infrastructure is related to errors in managing cryptographic keys. Exploiting this vulnerability could allow a remote attacker to execute a “man-in-the-middle” type attack...
Cisco HyperFlex Software Static SSL Key Vulnerability
Cisco HyperFlex is Cisco's hyperconverged infrastructure HCI platform built to meet the needs of multi-cloud IT, supported by a simple hyperconverged infrastructure. A static SSL key vulnerability exists in Cisco HyperFlex Software versions prior to 4.01a. The vulnerability stems from inadequate...
CVE-2019-12621
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...
CVE-2019-12621
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...
Design/Logic Flaw
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...
CVE-2019-12621 Cisco HyperFlex Static SSL Key Vulnerability
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...
CVE-2019-12621 Cisco HyperFlex Static SSL Key Vulnerability
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...
CVE-2019-12621
CVE-2019-12621 corresponds to Cisco HyperFlex Static SSL Key Vulnerability. Cisco HyperFlex Software versions prior to 4.0(1a) are affected due to inadequate key management, allowing an unauthenticated, remote attacker to obtain a cluster-specific encryption key and perform a man-in-the-middle at...
Cisco HyperFlex Static SSL Key Vulnerability
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A...
CVE-2019-1958
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected...
CVE-2019-1958
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected...
Cross site request forgery (csrf)
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected...
CVE-2019-1958 Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected...
CVE-2019-1958
The CVE-2019-1958 entry concerns Cisco HyperFlex Software. The vulnerability affects the web-based management interface and is caused by insufficient CSRF protections, enabling an unauthenticated, remote attacker to induce CSRF via social engineering (tricking a user to follow a malicious link). ...
CVE-2019-1958 Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected...
Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability
A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack on an affected system. The vulnerability is due to insufficient CSRF protections for the web UI on an affected...
PT-2019-3139 · Cisco · Cisco Hyperflex
Name of the Vulnerable Software and Affected Versions: Cisco HyperFlex Software affected versions not specified Description: The issue is related to errors in authentication request checks in the web-based management interface of Cisco HyperFlex Software. This could allow a remote attacker to...
Cisco HyperFlex Software Cross-Site Request Forgery Vulnerability
Cisco HyperFlex Software is the United States Cisco Cisco company's set of scalable distributed file system. The system provides unified computing, storage and networking through cloud management, and provides enterprise-class data management and optimization services. A cross-site request forger...