Cisco HyperFlex HX Data Platform 访问控制错误漏洞

Cisco HyperFlex HX Data Platform is a network appliance from Cisco USA. Provides enterprise-class agility, scalability, security and lifecycle management capabilities. An access control error vulnerability exists in Cisco HyperFlex HX Data Platform, which can be exploited by an attacker to upload...

CVE-2021-1498

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Recent...

CVE-2021-1499

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerabilit...

CVE-2021-1497

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Recent...

Cisco HyperFlex & Veeam CDP support status

Challenge Cisco HyperFlex VM Snapshot creation process will stop VMs if a Veeam CDP storage policy filter is present. Affected VMs will not boot anymore. Cause Each time a Cisco HyperFlex Snapshot is created when a Veeam CDP storage policy filter is present, the HyperFlex snapshot creation proces...

CVE-2020-3389

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An...

CVE-2020-3389

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An...

Design/Logic Flaw

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An...

CVE-2020-3389

CVE-2020-3389 affects Cisco HyperFlex HX-Series Software installation component. An authenticated, local attacker can access a directory containing sensitive information, because the password configured at installation is stored in clear text. Successful exploitation could allow the attacker to r...

CVE-2020-3389 Cisco Hyperflex HX-Series Software Weak Storage Vulnerability

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An...

CVE-2020-3389 Cisco Hyperflex HX-Series Software Weak Storage Vulnerability

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An...

Cisco HyperFlex Software Unauthenticated Root Access (cisco-sa-20190220-chn-root-access)

According to its self-reported version, Cisco HyperFlex HX-Series is affected by a vulnerability in the hxterm service due to insufficient authentication controls. An unauthenticated, local attacker can exploit this, by connecting to the hxterm service as a non-privileged, local user, in order to...

Cisco Hyperflex HX-Series Software Weak Storage (cisco-sa-HYP-WSV-yT3j5hSB)

According to its self-reported version, Cisco HyperFlex HX Data Platform is affected by a vulnerability in the installation component because sensitive information is stored as clear text. An authenticated, local attacker can exploit this, by authenticating to an affected device and navigating to...

Cisco HyperFlex Software Command Injection (cisco-sa-20190220-hyperflex-injection)

According to its self-reported version, Cisco HyperFlex HX Data Platform is affected by a vulnerability in the cluster service manager due to insufficient input validation. An unauthenticated, adjacent attacker can exploit this, by connecting to the cluster service manager and injecting commands...

Cisco Hyperflex HX-Series Software Weak Storage Vulnerability

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An...

Changed block tracking cannot be enabled: one or more snapshots are present

Challenge After upgrade to Veeam Backup & Replication 10, the Backup of a VM using Cisco HyperFlex Snapshots completes with the warning "Changed block tracking cannot be enabled: one or more snapshots are present" if a Sentinel snapshot is already present. The described issue with Cisco HyperFlex...

ESXi firewall changes required to process a Veeam backup from storage snapshot with Cisco HyperFlex IOvisor

Challenge To process a Veeam backup from storage snapshot with Cisco HyperFlex IOvisor, adjustments may have to be to the ESXi firewall settings. The process outlined below applies to all HyperFlex clusters running HX Data Platform 3.0 or later. Solution Before you add the HyperFlex Cluster into...

Cisco HyperFlex Web API Detection

Binary data ciscohyperflexwebapidetect.nbin...

Cisco HyperFlex Software Data Forgery Issue Vulnerability

Cisco HyperFlex is Cisco's hyperconverged infrastructure HCI platform built to meet the needs of multi-cloud IT, supporting any application, anywhere, with a simple hyperconverged infrastructure. A counter value injection vulnerability exists in the Statistics Information Collection Service in...

Cisco HyperFlex Software Cross-Site Scripting Vulnerability

Cisco HyperFlex is Cisco's hyperconverged infrastructure HCI platform built to meet the needs of multi-cloud IT, supporting any application, anywhere, with a simple hyperconverged infrastructure. A cross-site scripting vulnerability exists in the web interface of Cisco HyperFlex Software versions...