Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html | Exploit Third Party Advisory VDB Entry |
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
07 Jun 2021, 20:57
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry |
04 Jun 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 May 2021, 13:50
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:* cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:* cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:hyperflex_hx240c:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:* cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:* |
|
CVSS |
v2 : v3 : |
v2 : 7.5
v3 : 9.8 |
References | (CISCO) https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR - Vendor Advisory |
06 May 2021, 13:16
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-05-06 13:15
Updated : 2023-12-10 13:55
NVD link : CVE-2021-1498
Mitre link : CVE-2021-1498
CVE.ORG link : CVE-2021-1498
JSON object : View
Products Affected
cisco
- hyperflex_hx240c_m5
- hyperflex_hx240c
- hyperflex_hx_data_platform
- hyperflex_hx220c_edge_m5
- hyperflex_hx240c_af_m5
- hyperflex_hx220c_af_m5
- hyperflex_hx220c_all_nvme_m5
- hyperflex_hx220c_m5
CWE
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')