History: Sep 18, 2019 - 5:15 p.m.

CVE-2019-12620

2019-09-18 17:15:15
CWE-345
cisco
web.nvd.nist.gov
Tags: cisco, hyperflex, software, vulnerability, cve-2019-12620, remote attacker, statistics collection service, web interface, nvd

CVSS2

Score: 5
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

Score: 5.3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score: 5.6
Confidence: High

EPSS: 0.001
Percentile: 49.3%

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.

Affected configurations

Nvd
Node
cisco hyperflex_hx220c_m5_firmware Match 3.0\(1a\)
OR
cisco hyperflex_hx220c_m5_firmware Match 3.5\(2a\)
OR
cisco hyperflex_hx220c_m5_firmware Match 4.0\(1a\)
AND
cisco hyperflex_hx220c_m5 Match -

Node
cisco hyperflex_hx240c_m5_firmware Match 3.0\(1a\)
OR
cisco hyperflex_hx240c_m5_firmware Match 3.5\(2a\)
OR
cisco hyperflex_hx240c_m5_firmware Match 4.0\(1a\)
AND
cisco hyperflex_hx240c_m5 Match -

Node
cisco hyperflex_hx220c_af_m5_firmware Match 3.0\(1a\)
OR
cisco hyperflex_hx220c_af_m5_firmware Match 3.5\(2a\)
OR
cisco hyperflex_hx220c_af_m5_firmware Match 4.0\(1a\)
AND
cisco hyperflex_hx220c_af_m5 Match -

Node
cisco hyperflex_hx240c_af_m5_firmware Match 3.0\(1a\)
OR
cisco hyperflex_hx240c_af_m5_firmware Match 3.5\(2a\)
OR
cisco hyperflex_hx240c_af_m5_firmware Match 4.0\(1a\)
AND
cisco hyperflex_hx240c_af_m5 Match -

Node
cisco hyperflex_hx220c_edge_m5_firmware Match 3.0\(1a\)
OR
cisco hyperflex_hx220c_edge_m5_firmware Match 3.5\(2a\)
OR
cisco hyperflex_hx220c_edge_m5_firmware Match 4.0\(1a\)
AND
cisco hyperflex_hx220c_edge_m5 Match -

| Vendor | Product | Version | CPE |
|---|---|---|---|
| cisco | hyperflex_hx220c_m5_firmware | 3.0(1a) | `cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*` |
| cisco | hyperflex_hx220c_m5_firmware | 3.5(2a) | `cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.5\(2a\):*:*:*:*:*:*:*` |
| cisco | hyperflex_hx220c_m5_firmware | 4.0(1a) | `cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:4.0\(1a\):*:*:*:*:*:*:*` |
| cisco | hyperflex_hx220c_m5 | - | `cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*` |
| cisco | hyperflex_hx240c_m5_firmware | 3.0(1a) | `cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*` |
| cisco | hyperflex_hx240c_m5_firmware | 3.5(2a) | `cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.5\(2a\):*:*:*:*:*:*:*` |
| cisco | hyperflex_hx240c_m5_firmware | 4.0(1a) | `cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:4.0\(1a\):*:*:*:*:*:*:*` |
| cisco | hyperflex_hx240c_m5 | - | `cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*` |
| cisco | hyperflex_hx220c_af_m5_firmware | 3.0(1a) | `cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.0\(1a\):*:*:*:*:*:*:*` |
| cisco | hyperflex_hx220c_af_m5_firmware | 3.5(2a) | `cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.5\(2a\):*:*:*:*:*:*:*` |

CNA Affected

[
  {
    "product": "Cisco HyperFlex HX-Series",
    "vendor": "Cisco",
    "versions": [
      {
        "lessThan": "3.5.2f",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]
