CVE-2019-12620

Name of the Vulnerable Software and Affected Versions Cisco HyperFlex Software (affected versions not specified)

Description The issue is related to insufficient authentication for the statistics collection service, which could allow a remote attacker to inject arbitrary values on an affected device. This could cause the web interface statistics view to present invalid data to users. The attacker could exploit this by sending properly formatted data values to the statistics collection service.

Recommendations For Cisco HyperFlex Software, ensure proper authentication is implemented for the statistics collection service to prevent unauthorized access. As a temporary workaround, consider restricting access to the statistics collection service until a patch is available. Avoid using the statistics collection service until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.