Sign-up

ID

VAR-202008-0806


CVE

CVE-2020-3389


TITLE

Cisco HyperFlex HX-Series Vulnerability in software lack of encryption of critical data

Trust: 0.8

sources: JVNDB: JVNDB-2020-010269

DESCRIPTION

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device. Cisco HyperFlex HX-Series Software contains a vulnerability regarding the lack of encryption of critical data.Information may be obtained. flex is a program for recognizing lexical patterns in text

Trust: 1.71

sources: NVD: CVE-2020-3389 // JVNDB: JVNDB-2020-010269 // VULHUB: VHN-181514

AFFECTED PRODUCTS

vendor:ciscomodel:hyperflex hx-series softwarescope:eqversion:4.0\(2a\)

Trust: 1.0

vendor:ciscomodel:hyperflex hx-series softwarescope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2020-010269 // NVD: CVE-2020-3389

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-3389
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3389
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2020-010269
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202008-972
value: MEDIUM

Trust: 0.6

VULHUB: VHN-181514
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2020-3389
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010269
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

VULHUB: VHN-181514
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2020-3389
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2020-3389
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.8
impactScore: 3.6
version: 3.0

Trust: 1.0

NVD: JVNDB-2020-010269
baseSeverity: MEDIUM
baseScore: 4.4
vectorString: CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-181514 // JVNDB: JVNDB-2020-010269 // CNNVD: CNNVD-202008-972 // NVD: CVE-2020-3389 // NVD: CVE-2020-3389

PROBLEMTYPE DATA

problemtype:CWE-311

Trust: 1.9

problemtype:CWE-310

Trust: 1.0

sources: VULHUB: VHN-181514 // JVNDB: JVNDB-2020-010269 // NVD: CVE-2020-3389

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202008-972

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-202008-972

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010269

PATCH
title:cisco-sa-HYP-WSV-yT3j5hSBurl:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-HYP-WSV-yT3j5hSB
Trust: 0.8
title:Cisco Hyperflex HX-Series Software Fixing measures for vulnerabilities in the encryption problem of the installation moduleurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=126768
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010269 // 
            
            
            
            CNNVD: CNNVD-202008-972

EXTERNAL IDS
db:NVDid:CVE-2020-3389
Trust: 2.5
db:JVNDBid:JVNDB-2020-010269
Trust: 0.8
db:CNNVDid:CNNVD-202008-972
Trust: 0.7
db:AUSCERTid:ESB-2020.2861
Trust: 0.6
db:NSFOCUSid:48475
Trust: 0.6
db:VULHUBid:VHN-181514
Trust: 0.1
sources:
            
            
            VULHUB: VHN-181514 // 
            
            
            
            JVNDB: JVNDB-2020-010269 // 
            
            
            
            CNNVD: CNNVD-202008-972 // 
            
            
            
            NVD: CVE-2020-3389

REFERENCES
url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-hyp-wsv-yt3j5hsb
Trust: 2.3
url:https://nvd.nist.gov/vuln/detail/cve-2020-3389
Trust: 1.4
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-3389
Trust: 0.8
url:https://www.auscert.org.au/bulletins/esb-2020.2861/
Trust: 0.6
url:http://www.nsfocus.net/vulndb/48475
Trust: 0.6
sources:
            
            
            VULHUB: VHN-181514 // 
            
            
            
            JVNDB: JVNDB-2020-010269 // 
            
            
            
            CNNVD: CNNVD-202008-972 // 
            
            
            
            NVD: CVE-2020-3389

SOURCES
db:VULHUBid:VHN-181514
db:JVNDBid:JVNDB-2020-010269
db:CNNVDid:CNNVD-202008-972
db:NVDid:CVE-2020-3389

LAST UPDATE DATE
2024-11-23T22:29:29.932000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-181514date:2020-09-01T00:00:00
db:JVNDBid:JVNDB-2020-010269date:2021-01-04T08:55:36
db:CNNVDid:CNNVD-202008-972date:2021-08-16T00:00:00
db:NVDid:CVE-2020-3389date:2024-11-21T05:30:56.097

SOURCES RELEASE DATE
db:VULHUBid:VHN-181514date:2020-08-26T00:00:00
db:JVNDBid:JVNDB-2020-010269date:2021-01-04T08:55:36
db:CNNVDid:CNNVD-202008-972date:2020-08-19T00:00:00
db:NVDid:CVE-2020-3389date:2020-08-26T17:15:13.287