CVE-2019-12621

{"id": "CVE-2019-12621", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 2.2}]}, "published": "2019-08-21T18:15:13.353", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}, {"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-320"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-327"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster."}, {"lang": "es", "value": "Una vulnerabilidad en el software Cisco HyperFlex podr\u00eda permitir que un atacante remoto no autenticado realice un ataque man-in-the-middle. La vulnerabilidad se debe a una gesti\u00f3n de claves insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad al obtener una clave de cifrado espec\u00edfica para el cl\u00faster. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar un ataque de hombre en el medio contra otros nodos en el cl\u00faster."}], "lastModified": "2024-11-21T04:23:12.397", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "58FC3EAE-8782-4B0E-9A4E-44992AC084C4"}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "178FAB77-1990-4E88-B807-B4D894009AFD"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "6E19D6AF-E190-463D-B359-BB02362490D1"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CC9E6658-E058-4A76-9793-1A2DEB361A2A"}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90FA83FB-2D2E-4456-8362-9C5046346107"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "5009EC3A-40C9-44B0-8E5E-599657F819FA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E0F3A0F-5A96-425F-9885-D0EFDB3A57B1"}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E03529C2-1F95-4392-8845-68250211476B"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "0D5AFDE1-3A3B-4AF8-A425-492558B0B2EA"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BAD7F4B8-8287-4962-BA46-394F34ECC3BE"}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22F1CD5A-59FD-4F15-97DB-3FB7AF169E11"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "EFF775A8-5A2C-42B7-B26C-85921D803A25"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FF29A95-E8D3-4299-AE77-B7A349A9389F"}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10CD6BC0-5CE5-43C9-B078-28D12EFAFBA2"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "9B38E0BA-D320-406B-8739-6218B96DFD24"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "ykramarz@cisco.com"}