CVSS: 7.4EPSS: 0%CPEs: 15EXPL: 0CVE-2019-12621 – Cisco HyperFlex Static SSL Key Vulnerability
https://notcve.org/view.php?id=CVE-2019-12621
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster. Una vulnerabilidad en el software Cisco HyperFlex podría permitir que un atacante remoto no autenticado realice un ataque man-in-the-middle. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey • CWE-320: Key Management Errors CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0CVE-2019-1857 – Cisco HyperFlex HX-Series Web-Based Management Interface Cross-Site Request Forgery Vulnerability
https://notcve.org/view.php?id=CVE-2019-1857
A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user. Una vulnerabilidad en la interfaz de administración basada en la web de HyperFlex HX-Series de Cisco, podría permitir a un atacante remoto no identificado dirija un ataque de tipo cross-site request forgery (CSRF) y ejecute acciones arbitrarias en un sistema afectado. • http://www.securityfocus.com/bid/108163 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-hyperflex-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •