What is CVE-2019-12620?

CVE-2019-12620 is a medium-severity vulnerability in Cisco Hyperflex Hx-series, classified under Insufficient Verification of Data Authenticity. CVSS score: 5.3/10. Published 2019-09-18.

How severe is CVE-2019-12620?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Vulnerability in Cisco Hyperflex Hx-series

CVE-2019-12620

A vulnerability in the statistics collection service of Cisco HyperFlex Software could allow an unauthenticated, remote attacker to inject arbitrary values on an affected device. The vulnerability is due to insufficient authentication for…

EPSS: 0.002 (46.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N.

Affected products

Cisco Hyperflex Hx-series — versions unspecified

Weakness classification (CWE)

CWE-345 — Insufficient Verification of Data Authenticity

References

20190918 Cisco HyperFlex Software Counter Value Injection Vulnerability (vendor-advisory, x_refsource_CISCO)

Frequently asked questions

What is CVE-2019-12620?: CVE-2019-12620 is a medium-severity vulnerability in Cisco Hyperflex Hx-series, classified under Insufficient Verification of Data Authenticity. CVSS score: 5.3/10. Published 2019-09-18.
How severe is CVE-2019-12620?: Medium severity. CVSS v3 base score is 5.3 out of 10.