Vulnerability in Cisco Hyperflex Hx-series

CVE-2018-15382

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attac…

EPSS: 0.007 (71.9th percentile) — read the EPSS interpretation.

Affected products

Cisco Hyperflex Hx-series — versions n/a

Weakness classification (CWE)

CWE-642

References

20181003 Cisco HyperFlex Software Static Signing Key Vulnerability (x_refsource_CISCO, vendor-advisory)
105518 (vdb-entry, x_refsource_BID)