CVE-2021-1497

Published: 06/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 894
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote malicious user to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Vulnerable Product

cisco hyperflex_hx_data_platform 4.0(2a)

Vendor Advisories

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco has released software updates that address these vulne ...

Recent Articles

Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands
The Register • Simon Sharwood, APAC Editor • 07 May 2021

You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient

Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product. CVE-2021-1497 impacts the HyperFlex HX Installer Virtual Machine and means an unauthenticated, remote attacker could perform a command injection attack on a web management console that gives them root access and allows them to execute arbitrary commands on an affected device. CVE-2021-1498 also allows an attacker to use command injection on the management interface, with login as the tomcat8 user. ...