CVE-2019-12620
Summary
| CVE | CVE-2019-12620 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2019-09-18 17:15:00 UTC |
| Updated | 2019-10-09 23:45:00 UTC |
| Description | A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted data values to the statistics collection service of an affected device. A successful exploit could allow the attacker to cause the web interface statistics view to present invalid data to users. |
Risk And Classification
Problem Types: CWE-345
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Hyperflex Hx220c Af M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx220c Af M5 | - | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 3.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 3.5(2a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 4.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 4.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Af M5 Firmware | 4.0\(1a\) | All | All | All |
| Hardware | Cisco | Hyperflex Hx220c Edge M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx220c Edge M5 | - | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 3.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 3.5(2a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 4.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 4.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c Edge M5 Firmware | 4.0\(1a\) | All | All | All |
| Hardware | Cisco | Hyperflex Hx220c M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx220c M5 | - | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 3.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 3.5(2a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 4.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 4.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx220c M5 Firmware | 4.0\(1a\) | All | All | All |
| Hardware | Cisco | Hyperflex Hx240c Af M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx240c Af M5 | - | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 3.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 3.5(2a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 4.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 4.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c Af M5 Firmware | 4.0\(1a\) | All | All | All |
| Hardware | Cisco | Hyperflex Hx240c M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx240c M5 | - | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 3.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 3.5(2a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 4.0(1a) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 4.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 3.0\(1a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 3.5\(2a\) | All | All | All |
| Operating System | Cisco | Hyperflex Hx240c M5 Firmware | 4.0\(1a\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco HyperFlex Software Counter Value Injection Vulnerability | CISCO | tools.cisco.com | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.