Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco HyperFlex Software Static Signing Key Vulnerability
Vulnerability Description
A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to generate valid, signed session tokens. The vulnerability is due to a static signing key that is present in all Cisco HyperFlex systems. An attacker could exploit this vulnerability by accessing the static signing key from one HyperFlex system and using it to generate valid, signed session tokens for another HyperFlex system. A successful exploit could allow the attacker to access the HyperFlex Web UI of a system for which they are not authorized.
CVSS Information
N/A
Vulnerability Type
对关键状态数据的外部可控制
Vulnerability Title
Cisco HyperFlex Software 安全漏洞
Vulnerability Description
Cisco HyperFlex Software是美国思科(Cisco)公司的一套可扩展的分布式文件系统。该系统通过云管理提供统一的计算、存储和网络,提供企业级数据管理和优化服务。 Cisco HyperFlex Software 3.5(1a)之前版本中存在安全漏洞,该漏洞源于Cisco HyperFlex系统中存在静态签名密钥。攻击者可借助来自于HyperFlex系统的签名密钥利用该漏洞创建一个已签名的有效会话令牌并访问系统的HyperFlex Web UI。
CVSS Information
N/A
Vulnerability Type
N/A