CRITICAL🚩 CISA KEV⚑ EXPLOITβœ“ PATCHπŸ‡΅πŸ‡± Wersja polska

CVE-2021-1497

CVSS 9.8v3.1pub. 2021-05-06upd. 2025-10-28

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Cisco Hyperflex Hx220c Af M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c All Nvme M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c Edge M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c Af M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx Data Platform

    OS
    Cisco
    4.5 – 4.5\(2a\) (bez)< 4.0\(2e\)

CISA KEV β€” detailsi

Vendori
Cisco β†—
Producti
HyperFlex HX
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
November 17, 2021(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.

πŸ”΄
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
⏰CISA DEADLINE: 17 listopada 2021
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2021-1498CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2019-12621HIGH7.4ten sam produkt

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-i...

CVE-2019-1958HIGH8.8ten sam produkt

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticat...

CVE-2019-1664HIGH7.8ten sam produkt

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attack...

CVE-2018-15380HIGH8.8ten sam produkt

A vulnerability in the cluster service manager of Cisco HyperFlex Software could allow an unauthenticated, adj...

CVE-2021-1497 β€” Cisco β€” Hyperflex Hx220C Af M5 β€” CRITICAL β€” CVSS 9.8 | CVEbaza.pl