{"containers": {"cna": {"affected": [{"product": "Cisco HyperFlex HX-Series ", "vendor": "Cisco", "versions": [{"lessThan": "4.0(1a)", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2019-08-21T00:00:00", "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster."}], "exploits": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-320", "description": "CWE-320", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2019-08-21T18:00:28", "orgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "shortName": "cisco"}, "references": [{"name": "20190821 Cisco HyperFlex Static SSL Key Vulnerability", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey"}], "source": {"advisory": "cisco-sa-20190821-hyperflex-sslkey", "defect": [["CSCvk59403"]], "discovery": "INTERNAL"}, "title": "Cisco HyperFlex Static SSL Key Vulnerability", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@cisco.com", "DATE_PUBLIC": "2019-08-21T16:00:00-0700", "ID": "CVE-2019-12621", "STATE": "PUBLIC", "TITLE": "Cisco HyperFlex Static SSL Key Vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Cisco HyperFlex HX-Series ", "version": {"version_data": [{"affected": "<", "version_affected": "<", "version_value": "4.0(1a)"}]}}]}, "vendor_name": "Cisco"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster."}]}, "exploit": [{"lang": "en", "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory. "}], "impact": {"cvss": {"baseScore": "6.8", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N ", "version": "3.0"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-320"}]}]}, "references": {"reference_data": [{"name": "20190821 Cisco HyperFlex Static SSL Key Vulnerability", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey"}]}, "source": {"advisory": "cisco-sa-20190821-hyperflex-sslkey", "defect": [["CSCvk59403"]], "discovery": "INTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "d1c1063e-7a18-46af-9102-31f8928bc633", "assignerShortName": "cisco", "cveId": "CVE-2019-12621", "datePublished": "2019-08-21T00:00:00", "dateReserved": "2019-06-04T00:00:00", "dateUpdated": "2019-08-21T18:00:28", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "58FC3EAE-8782-4B0E-9A4E-44992AC084C4", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "matchCriteriaId": "178FAB77-1990-4E88-B807-B4D894009AFD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "6E19D6AF-E190-463D-B359-BB02362490D1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "CC9E6658-E058-4A76-9793-1A2DEB361A2A", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "matchCriteriaId": "90FA83FB-2D2E-4456-8362-9C5046346107", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "5009EC3A-40C9-44B0-8E5E-599657F819FA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "5E0F3A0F-5A96-425F-9885-D0EFDB3A57B1", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_af_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "matchCriteriaId": "E03529C2-1F95-4392-8845-68250211476B", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D5AFDE1-3A3B-4AF8-A425-492558B0B2EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "BAD7F4B8-8287-4962-BA46-394F34ECC3BE", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx240c_af_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "matchCriteriaId": "22F1CD5A-59FD-4F15-97DB-3FB7AF169E11", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "EFF775A8-5A2C-42B7-B26C-85921D803A25", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.0\\(1a\\):*:*:*:*:*:*:*", "matchCriteriaId": "8FF29A95-E8D3-4299-AE77-B7A349A9389F", "vulnerable": true}, {"criteria": "cpe:2.3:o:cisco:hyperflex_hx220c_edge_m5_firmware:3.5\\(2a\\):*:*:*:*:*:*:*", "matchCriteriaId": "10CD6BC0-5CE5-43C9-B078-28D12EFAFBA2", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*", "matchCriteriaId": "9B38E0BA-D320-406B-8739-6218B96DFD24", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster."}, {"lang": "es", "value": "Una vulnerabilidad en el software Cisco HyperFlex podr\u00eda permitir que un atacante remoto no autenticado realice un ataque man-in-the-middle. La vulnerabilidad se debe a una gesti\u00f3n de claves insuficiente. Un atacante podr\u00eda aprovechar esta vulnerabilidad al obtener una clave de cifrado espec\u00edfica para el cl\u00faster. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar un ataque de hombre en el medio contra otros nodos en el cl\u00faster."}], "id": "CVE-2019-12621", "lastModified": "2021-10-28T16:14:03.097", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.2, "source": "ykramarz@cisco.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-08-21T18:15:13.353", "references": [{"source": "ykramarz@cisco.com", "tags": ["Vendor Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190821-hyperflex-sslkey"}], "sourceIdentifier": "ykramarz@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-327"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-320"}], "source": "ykramarz@cisco.com", "type": "Secondary"}]}

{}