CVE-2019-12621 – Cisco HyperFlex Static SSL Key Vulnerability

https://notcve.org/view.php?id=CVE-2019-12621

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster. Una vulnerabilidad en el software Cisco HyperFlex podría permitir que un atacante remoto no autenticado realice un ataque man-in-the-middle. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey • CWE-320: Key Management Errors CWE-327: Use of a Broken or Risky Cryptographic Algorithm •