Vulnerability Description
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Hyperflex Hx220C M5 Firmware | 3.0(1a) |
| Cisco | Hyperflex Hx220C M5 | - |
| Cisco | Hyperflex Hx240C M5 Firmware | 3.0(1a) |
| Cisco | Hyperflex Hx240C M5 | - |
| Cisco | Hyperflex Hx220C Af M5 Firmware | 3.0(1a) |
| Cisco | Hyperflex Hx220C Af M5 | - |
| Cisco | Hyperflex Hx240C Af M5 Firmware | 3.0(1a) |
| Cisco | Hyperflex Hx240C Af M5 | - |
| Cisco | Hyperflex Hx220C Edge M5 Firmware | 3.0(1a) |
| Cisco | Hyperflex Hx220C Edge M5 | - |
Related Weaknesses (CWE)
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-2 (Vendor Advisory)
FAQ
What is CVE-2019-12621?
CVE-2019-12621 is a vulnerability with a CVSS score of 7.4 (HIGH). A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker ...
How severe is CVE-2019-12621?
CVE-2019-12621 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-12621?
Check the references section above for vendor advisories and patch information. Affected products include: Cisco Hyperflex Hx220C M5 Firmware, Cisco Hyperflex Hx220C M5, Cisco Hyperflex Hx240C M5 Firmware, Cisco Hyperflex Hx240C M5, Cisco Hyperflex Hx220C Af M5 Firmware.