CVE-2020-3389

MEDIUM

Cisco Hyperflex HX-Series Software - Info Disclosure

Title source: llm

Description

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.

References (1)

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-HYP-WSV-yT3j5hSB

Scores

CVSS v3 4.4

EPSS 0.0004

EPSS Percentile 10.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-310 CWE-311

Status published

Products (1)

cisco/hyperflex_hx-series_software 4.0\(2a\)

Published Aug 26, 2020

Tracked Since Feb 18, 2026