Vulnerability Details CVE-2019-12621
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.4%
CVSS Severity
CVSS v3 Score 6.8
CVSS v2 Score 5.8
References
Products affected by CVE-2019-12621
-
cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-
-
cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-
-
cpe:2.3:h:cisco:hyperflex_hx220c_m5:-
-
cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-
-
cpe:2.3:h:cisco:hyperflex_hx240c_m5:-
-
cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.5(2a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.0(1a)
-
cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.5(2a)