CVE-2021-1497

Published: 06/05/2021 Updated: 07/06/2021
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote malicious user to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Vulnerable Product

cisco hyperflex_hx_data_platform 4.0(2a)

Vendor Advisories

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vul ...

Github Repositories

Use at your own risk.
CVE-2021-1497 Exploit
Windows Binary PoC: ./CVE-2021-1497.exe will run the exploit.
./CVE-2021-1497.exe Target IP
./CVE-2021-1497.exe www.example.com
Running the exploit on Linux: change the target IP in CVE-2021-1497.sh, then do:
chmod +x CVE-2021-1497.sh
./CVE-2021-1497.sh Target IP
./CVE-2021-1497.sh www.example.com

Recent Articles

Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands
The Register • Simon Sharwood, APAC Editor • 07 May 2021

You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient

Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product.
CVE-2021-1497 impacts the HyperFlex HX Installer Virtual Machine and means an unauthenticated, remote attacker could perform a command injection attack on a web management console that gives them root access and allows them to execute arbitrary commands on an affected device.
CVE-2021-1498 also allows an attacker to use command injection on the management interface, with login as the to...

Cisco bugs allow creating admin accounts, executing commands as root
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

Cisco has fixed critical SD-WAN vManage and HyperFlex HX software security flaws that could enable remote attackers to execute commands as root or create rogue admin accounts.
The company also issued security updates to address
in multiple other software products that allow attackers to execute arbitrary code remotely, escalate privileges, trigger denial of service conditions, and more on unpatched servers.
Cisco's Product Security Incident Response Team (PSIRT) said that it'...