Lucene search

CiscoCVE-2021-1497

HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-1497

2021-05-0613:15:10

CWE-78

cisco

web.nvd.nist.gov

961

In Wild

cisco

hyperflex

vulnerabilities

web-based management

command injection

remote attacker

nvd

cve-2021-1497

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.7

Confidence

High

EPSS

0.975

Percentile

100.0%

JSON

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Affected configurations

Nvd

Node

ciscohyperflex_hx_data_platformRange<4.0\(2e\)

ciscohyperflex_hx_data_platformRange4.5–4.5\(2a\)

AND

ciscohyperflex_hx220c_af_m5Match-

ciscohyperflex_hx220c_all_nvme_m5Match-

ciscohyperflex_hx220c_edge_m5Match-

ciscohyperflex_hx220c_m5Match-

ciscohyperflex_hx240cMatch-

ciscohyperflex_hx240c_af_m5Match-

ciscohyperflex_hx240c_m5Match-

VendorProductVersionCPE
ciscohyperflex_hx_data_platform*cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*
ciscohyperflex_hx220c_af_m5-cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_all_nvme_m5-cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_edge_m5-cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_m5-cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c-cpe:2.3:h:cisco:hyperflex_hx240c:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c_af_m5-cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c_m5-cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	hyperflex_hx_data_platform	*	cpe:2.3:o:cisco:hyperflex_hx_data_platform::::::::
cisco	hyperflex_hx220c_af_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:::::::*
cisco	hyperflex_hx220c_all_nvme_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:::::::*
cisco	hyperflex_hx220c_edge_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:::::::*
cisco	hyperflex_hx220c_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:::::::*
cisco	hyperflex_hx240c	-	cpe:2.3:h:cisco:hyperflex_hx240c:-:::::::*
cisco	hyperflex_hx240c_af_m5	-	cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:::::::*
cisco	hyperflex_hx240c_m5	-	cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:::::::*

CNA Affected

[
  {
    "product": "Cisco HyperFlex HX Data Platform",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]