First published: Wed Aug 21 2019
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Hyperflex Hx220c M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx220c M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx220c M5 | | |
Cisco Hyperflex Hx240c M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx240c M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx240c M5 | | |
Cisco Hyperflex Hx220c Af M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx220c Af M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx220c Af M5 | | |
Cisco Hyperflex Hx240c Af M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx240c Af M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx240c Af M5 | | |
Cisco Hyperflex Hx220c Edge M5 Firmware | =3.0(1a) | |
Cisco Hyperflex Hx220c Edge M5 Firmware | =3.5(2a) | |
Cisco Hyperflex Hx220c Edge M5 | | |
CVE-2019-12621 is a vulnerability in Cisco HyperFlex Software that allows an unauthenticated remote attacker to perform a man-in-the-middle attack.
CVE-2019-12621 has a severity rating of 7.4 (high).
The affected software for CVE-2019-12621 is Cisco HyperFlex Software versions 3.0(1a) and 3.5(2a).
An attacker can exploit CVE-2019-12621 by obtaining a specific encryption key for the cluster.
No, Cisco HyperFlex HX is not vulnerable to CVE-2019-12621.