Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote malicious user to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Vulnerable Product: cisco hyperflex_hx_data_platform
You know the drill: shake your head in disbelief, then figure out if patching will wipe out a weekend or be merely inconvenient
Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product. CVE-2021-1497 impacts the HyperFlex HX Installer Virtual Machine and means an unauthenticated, remote attacker could perform a command injection attack on a web management console that gives them root access and allows them to execute arbitrary commands on an affected device. CVE-2021-1498 also allows an attacker to use command injection on the management interface, with login as the tomcat8 user. ...