CVE-2019-12621

MEDIUM Year: 2019
CVSS v3 Score
6.8
Medium
CVSS v2 Score
5.8
Medium
Weakness Type
CWE-320
View all →

Vulnerability Description

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-in-the-middle attack. The vulnerability is due to insufficient key management. An attacker could exploit this vulnerability by obtaining a specific encryption key for the cluster. A successful exploit could allow the attacker to perform a man-in-the-middle attack against other nodes in the cluster.

Related Vulnerabilities

CVE-2018-15397

MEDIUM
CVSS:6.8(Medium)

A vulnerability in the implementation of Traffic Flow Confidentiality (TFC) over IPsec functionality in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Softwa...

CWE-3202018

CVE-2020-1688

MEDIUM
CVSS:6.5(Medium)

On Juniper Networks SRX Series and NFX Series, a local authenticated user with access to the shell may obtain the Web API service private key that is used to provide encrypted communication between th...

CWE-3202020

CVE-2023-21626

HIGH
CVSS:7.1(High)

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

CWE-3202023

CVE-2023-21652

HIGH
CVSS:7.1(High)

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

CWE-3202023

CVE-2013-2233

HIGH
CVSS:7.4(High)

Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.

CWE-3202013

CVE-2024-36391

HIGH
CVSS:7.4(High)

MileSight DeviceHub - CWE-320: Key Management Errors may allow Authentication Bypass and Man-In-The-Middle Traffic

CWE-3202024