CVE-2018-15382

Name of the Vulnerable Software and Affected Versions Cisco HyperFlex Software (affected versions not specified)

Description The issue is related to insecure external control over critical state data in Cisco HyperFlex. It could allow a remote attacker to create valid signed session tokens and elevate their privileges. The vulnerability is due to a static signing key present in all Cisco HyperFlex systems, which an attacker could exploit to generate valid tokens for unauthorized access to the HyperFlex Web UI.

Recommendations For all affected versions of Cisco HyperFlex Software, consider restricting access to the static signing key to minimize the risk of exploitation. As a temporary workaround, limit access to the HyperFlex Web UI until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.