First published: Thu May 06 2021(Updated: )
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
Credit: ykramarz@cisco.com ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco HyperFlex HX Data Platform | <4.0\(2e\) | |
Cisco HyperFlex HX Data Platform | >=4.5<=4.5\(2a\) | |
Cisco Hyperflex Hx220c Af M5 | ||
Cisco Hyperflex Hx220c All Nvme M5 | ||
Cisco Hyperflex Hx220c Edge M5 | ||
Cisco Hyperflex Hx220c M5 | ||
Cisco Hyperflex Hx240c | ||
Cisco Hyperflex Hx240c Af M5 | ||
Cisco Hyperflex Hx240c M5 | ||
All of | ||
Any of | ||
Cisco HyperFlex HX Data Platform | <4.0\(2e\) | |
Cisco HyperFlex HX Data Platform | >=4.5<4.5\(2a\) | |
Any of | ||
Cisco Hyperflex Hx220c Af M5 | ||
Cisco Hyperflex Hx220c All Nvme M5 | ||
Cisco Hyperflex Hx220c Edge M5 | ||
Cisco Hyperflex Hx220c M5 | ||
Cisco Hyperflex Hx240c | ||
Cisco Hyperflex Hx240c Af M5 | ||
Cisco Hyperflex Hx240c M5 | ||
All of | ||
Any of | ||
<4.0\(2e\) | ||
>=4.5<4.5\(2a\) | ||
Any of | ||
Cisco HyperFlex HX |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this Cisco HyperFlex HX vulnerability is CVE-2021-1498.
The title of this vulnerability is Cisco HyperFlex HX Data Platform Command Injection Vulnerability.
CVE-2021-1498 is rated with a severity score of 9.8 (critical).
An attacker can exploit this vulnerability by performing command injection attacks against the web-based management interface of Cisco HyperFlex HX.
No, authentication is not required to exploit CVE-2021-1498.