First published: Wed Sep 18 2019
A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Hyperflex Hx220c M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx220c M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx220c M5 Firmware | =4.0(1a) | |
Cisco Hyperflex Hx220c M5 | | |
Cisco Hyperflex Hx240c M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx240c M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx240c M5 Firmware | =4.0(1a) | |
Cisco Hyperflex Hx240c M5 | | |
Cisco Hyperflex Hx220c Af M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx220c Af M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx220c Af M5 Firmware | =4.0(1a) | |
Cisco Hyperflex Hx220c Af M5 | | |
Cisco Hyperflex Hx240c Af M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx240c Af M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx240c Af M5 Firmware | =4.0(1a) | |
Cisco Hyperflex Hx240c Af M5 | | |
Cisco Hyperflex Hx220c Edge M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx220c Edge M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx220c Edge M5 Firmware | =4.0(1a) | |
Cisco Hyperflex Hx220c Edge M5 | | |
The vulnerability ID is CVE-2019-12620.
The severity level of CVE-2019-12620 is medium.
The vulnerability occurs due to insufficient authentication for the statistics collection service.
The affected software for CVE-2019-12620 includes Cisco Hyperflex Hx220c M5 Firmware versions 3.0(1a), 3.5(2a), and 4.0(1a), as well as Cisco Hyperflex Hx240c M5 Firmware versions 3.0(1a), 3.5(2a), and 4.0(1a).
To fix the vulnerability, it is recommended to update to the latest version of the affected software, as provided by Cisco.