CVE-2018-15382 is a vulnerability in Cisco Hyperflex Hx Data Platform
Published on October 5, 2018

Cisco HyperFlex Software Static Signing Key Vulnerability
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.

Weakness Type

External Control of Critical State Data

The software stores security-critical state information about its users, or the software itself, in a location that is accessible to unauthorized actors.


Products Associated with CVE-2018-15382

Affected Versions

Cisco HyperFlex HX-Series Version n/a is affected by CVE-2018-15382

Exploit Probability

EPSS: 0.68%
Percentile: 71.52%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.