A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|

Status: PUBLISHED
Assigner: cisco
Published: 2018-10-05T14:00:00Z
Updated: 2024-11-26T14:34:45.791Z
Reserved: 2018-08-17T00:00:00
Link: CVE-2018-15382

Updated: 2024-08-05T09:54:02.948Z

Status : Modified
Published: 2018-10-05T14:29:07.123
Modified: 2024-11-21T03:50:40.233
Link: CVE-2018-15382

No data.