CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0CVE-2019-12620 – Cisco HyperFlex Software Counter Value Injection Vulnerability
https://notcve.org/view.php?id=CVE-2019-12620
18 Sep 2019 — A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190918-hyperflex-valinj • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 6.5EPSS: 0%CPEs: 15EXPL: 0CVE-2019-1975 – Cisco HyperFlex Software Cross-Frame Scripting Vulnerability
https://notcve.org/view.php?id=CVE-2019-1975
18 Sep 2019 — A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web page that contains a malicious HTML iframe. A successful exploit could allow the attacker to conduct clickjacking or other clientside browser attacks. Una vulner... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190918-hyperflex-xfs • CWE-693: Protection Mechanism Failure CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.4EPSS: 0%CPEs: 15EXPL: 0CVE-2019-12621 – Cisco HyperFlex Static SSL Key Vulnerability
https://notcve.org/view.php?id=CVE-2019-12621
21 Aug 2019 — A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster. Una vulnerabilidad en el software Cisco HyperFlex podría permitir que un atacante remoto no autenticado... • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey • CWE-320: Key Management Errors CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2019-1857 – Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1857
03 May 2019 — A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attac... • http://www.securityfocus.com/bid/108163 • CWE-352: Cross-Site Request Forgery (CSRF) •