MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2019-12620

CVSS 5.3v3.1pub. 2019-09-18upd. 2024-11-21

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  • Cisco Hyperflex Hx220c Af M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c Af M5 Firmware

    OS
    Cisco
    3.0\(1a\)3.5\(2a\)4.0\(1a\)
  • Cisco Hyperflex Hx220c Edge M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c Edge M5 Firmware

    OS
    Cisco
    3.0\(1a\)3.5\(2a\)4.0\(1a\)
  • Cisco Hyperflex Hx220c M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c M5 Firmware

    OS
    Cisco
    3.0\(1a\)3.5\(2a\)4.0\(1a\)
  • Cisco Hyperflex Hx240c Af M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c Af M5 Firmware

    OS
    Cisco
    3.0\(1a\)3.5\(2a\)4.0\(1a\)
  • Cisco Hyperflex Hx240c M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c M5 Firmware

    OS
    Cisco
    3.0\(1a\)3.5\(2a\)4.0\(1a\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-1497CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2021-1498CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2019-12621HIGH7.4ten sam produkt

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-i...

CVE-2021-1499MEDIUM5.3ten sam produkt

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unaut...

CVE-2019-1975MEDIUM6.1ten sam produkt

A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote ...