CVE-2020-3389

CVE Database · CVE-2020-3389

CVE-2020-3389

· MEDIUMModified

CVSS v3.1

4.4

EPSS

0.21%

Published

Aug 26, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A vulnerability in the installation component of Cisco Hyperflex HX-Series Software could allow an authenticated, local attacker to retrieve the password that was configured at installation on an affected device. The vulnerability exists because sensitive information is stored as clear text. An attacker could exploit this vulnerability by authenticating to an affected device and navigating to the directory that contains sensitive information. A successful exploit could allow the attacker to obtain sensitive information in clear text from the affected device.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-310CWE-311

Affected Products (1)

cisco · hyperflex_hx-series_softwarevulnerable

References (2)

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-HYP-WSV-yT3j5hSB

Vendor Advisory

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-HYP-WSV-yT3j5hSB

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs