Executive Summary
Summary | |
---|---|
Title | Cisco HyperFlex Software Static Signing Key Vulnerability |
Informations | |||
---|---|---|---|
Name | cisco-sa-20181003-hyperflex-secret | First vendor Publication | 2018-10-03 |
Vendor | Cisco | Last vendor Modification | 2018-10-03 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. This advisory is available at the following link: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-secret ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181003-hyperflex-secret"] BEGIN PGP SIGNATURE iQJ5BAEBAgBjBQJbtOqjXBxDaXNjbyBQcm9kdWN0IFNlY3VyaXR5IEluY2lkZW50 IFJlc3BvbnNlIFRlYW0gKENpc2NvIFBTSVJUIGtleSAyMDE4LTIwMTkpIDxwc2ly dEBjaXNjby5jb20+AAoJEJa12PPJBfcztXQQAMec9Gv+5F4LI9rFz21PqPMd40NW z6YTUec1V04yiG372fSk0harZoLaBJ3sOA0K7qb57lFBnNKxVOtk9BnIz0zDgOKV 6L9WTx4VH1nkb5ZHjEEF3tLTLzfKbdRHyrUtFbhy5HsrSpofceqLmbmwHPfFMiqu xN6/CoSQtULDmLfnt+cdnqLFHqLUtdGj9aheYukPec6xq7VZc16lsMcEhsIJMbxW 7vTsdXizgkDSsmD3aUfZ1gXoH3PaArRXa5ZlNVZTO98w7lWQC7VLWAb8GhzfJGmN OTlwSKz8et6lR7IpNHs9PGqG2oZu//KqZhhcQZf/BTuUvvt0CNgQUoWEKZFvph3z kSsuFMBJpNN1iAopZNf+bxIqlgUYPl1w+cYGPDYCvecSKV6CB8Zj9ImS0TFMZNBW MkEdrfLNwgBeo57nG6dnLI0AxhXX3OFynJz0EkpIVqrrz+zC3eP5BKyF8uuYn42Q R1no512ExIDxNU+MFHl+WjI8P9wxo5KNylEYxvawB3os09FAZutTFg//pFvrptJE 4xNKSkq52IcFKDWovwY3tq3a3AuY9YQgp9xg/riJzFfMjn92Os9WXAxaVTwkAMMl 3QQJEFvSb7mepYqMXEL2zgMS33AcgnmtoxDoiiXGSym4A36qLXv2AuifbN6VenXX 9cKdb1jEHuzrRjn9 =P7Kz END PGP SIGNATURE _______________________________________________ cust-security-announce mailing list cust-security-announce@cisco.com To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leave@cisco.com |
Original Source
Url : http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-642 | External Control of Critical State Data |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Os | 1 |
Alert History
Date | Informations |
---|---|
2018-11-29 00:22:40 |
|
2018-10-05 21:21:50 |
|
2018-10-03 21:19:32 |
|