A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.
Metrics
Affected Vendors & Products
References
History
Tue, 26 Nov 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: cisco
Published: 2018-10-05T14:00:00Z
Updated: 2024-11-26T14:34:45.791Z
Reserved: 2018-08-17T00:00:00
Link: CVE-2018-15382
Vulnrichment
Updated: 2024-08-05T09:54:02.948Z
NVD
Status : Modified
Published: 2018-10-05T14:29:07.123
Modified: 2024-11-21T03:50:40.233
Link: CVE-2018-15382
Redhat
No data.