3 results (0.017 seconds)

CVSS: 5.3EPSS: 0%CPEs: 20EXPL: 0

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. Una vulnerabilidad en el servicio de recopilación de estadísticas de Cisco HyperFlex Software, podría permitir a un atacante remoto no autenticado inyectar valores arbitrarios sobre un dispositivo afectado. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190918-hyperflex-valinj • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 7.4EPSS: 0%CPEs: 15EXPL: 0

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster. Una vulnerabilidad en el software Cisco HyperFlex podría permitir que un atacante remoto no autenticado realice un ataque man-in-the-middle. • https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey • CWE-320: Key Management Errors CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 8.8EPSS: 0%CPEs: 28EXPL: 0

A vulnerability in the web-based management interface of Cisco HyperFlex HX-Series could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack and perform arbitrary actions on an affected system. The vulnerability is due to insufficient CSRF protections for the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to follow a crafted link. A successful exploit could allow the attacker to perform arbitrary actions on an affected system by using a web browser and with the privileges of the user. Una vulnerabilidad en la interfaz de administración basada en la web de HyperFlex HX-Series de Cisco, podría permitir a un atacante remoto no identificado dirija un ataque de tipo cross-site request forgery (CSRF) y ejecute acciones arbitrarias en un sistema afectado. • http://www.securityfocus.com/bid/108163 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-hyperflex-csrf • CWE-352: Cross-Site Request Forgery (CSRF) •