CVE-2020-3389

Name of the Vulnerable Software and Affected Versions Cisco Hyperflex HX-Series Software (affected versions not specified)

Description A vulnerability exists in the installation component of the software, allowing an authenticated, local attacker to retrieve the password configured at installation. This is due to sensitive information being stored as clear text. An attacker could exploit this by authenticating to the device and navigating to the directory containing sensitive information, potentially obtaining sensitive information in clear text. The issue is also related to errors in data encryption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.