Description
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
References (1)
Core References
Vendor Advisory vendor-advisory
x_refsource_cisco
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey
Scores
CVSS v3: 7.4
EPSS: 0.0038
EPSS Percentile: 29.2%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-327, CWE-320
Status: published
Products (10)
cisco/hyperflex_hx220c_af_m5_firmware 3.0\(1a\)
cisco/hyperflex_hx220c_af_m5_firmware 3.5\(2a\)
cisco/hyperflex_hx220c_edge_m5_firmware 3.0\(1a\)
cisco/hyperflex_hx220c_edge_m5_firmware 3.5\(2a\)
cisco/hyperflex_hx220c_m5_firmware 3.0\(1a\)
cisco/hyperflex_hx220c_m5_firmware 3.5\(2a\)
cisco/hyperflex_hx240c_af_m5_firmware 3.0\(1a\)
cisco/hyperflex_hx240c_af_m5_firmware 3.5\(2a\)
cisco/hyperflex_hx240c_m5_firmware 3.0\(1a\)
cisco/hyperflex_hx240c_m5_firmware 3.5\(2a\)
Published: Aug 21, 2019
Tracked Since: Feb 18, 2026