CVE-2020-3389
Published 2020-08-26
Priority P4 · 17 · medium · 4.4 (CVSS 3.1)
AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.21% (10.9th percentile)
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_hyperflex_hx_data_platform | — | — |
| cisco | hyperflex_hx-series | — | — |
| cisco | hyperflex_hx-series_software | — | — |
CVSS provenance
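| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v3.0 | 4.4 | MEDIUM | CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
| vendor_cisco | | 4.4 | MEDIUM | |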
Cisco
Cisco Hyperflex HX-Series Software Weak Storage Vulnerability
vendor_cisco·2020-08-19·CVSS 4.4
CVE-2020-3389 [MEDIUM] CWE-310 Cisco Hyperflex HX-Series Software Weak Storage Vulnerability
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device.
The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.
There are no workarounds that address this vulnerability.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSec
Cisco
Cisco Hyperflex HX-Series Software Weak Storage Vulnerability
vendor_cisco·CVSS 3.0
CVE-2020-3389 Cisco Hyperflex HX-Series Software Weak Storage Vulnerability
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device. There are no
CVSS: 3.0
CWE: CWE-310
Bug IDs: CSCvs42713
GHSA
GHSA-4hvh-wv6j-q2j4: A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the passw
ghsa_unreviewed·2022-05-24
CVE-2020-3389 [LOW] GHSA-4hvh-wv6j-q2j4: A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the passw
A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.