Cisco Hyperflex Hx240C M5 Firmware vulnerabilities

CVE-2019-1975 [MEDIUM] CWE-693 CVE-2019-1975: A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticate A vulnerability in the web-based interface of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to execute a cross-frame scripting (XFS) attack on an affected device. This vulnerability is due to insufficient HTML iframe protection. An attacker could exploit this vulnerability by directing a user to an attacker-controlled web pa

CVE-2019-12620 [MEDIUM] CWE-345 CVE-2019-12620: A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unau A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for the statistics collection service. An attacker could exploit this vulnerability by sending properly formatted da

CVE-2019-12621 [HIGH] CWE-320 CVE-2019-12621: A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perfo A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-i