Rapid7 Vulnerability & Exploit Database

Cisco HyperFlex HX: cisco-sa-hyperflex-rce-tjjnrkpr: Command Injection Vulnerability

Free InsightVM Trial No Credit Card Necessary
Watch Demo See how it all works
Back to Search

Cisco HyperFlex HX: cisco-sa-hyperflex-rce-tjjnrkpr: Command Injection Vulnerability

Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
05/05/2021
Created
03/11/2022
Added
03/09/2022
Modified
05/03/2022

Description

CVE-2021-1497: A vulnerability in the web-based management interface of Cisco HyperFlex HX Installer Virtual Machine could allow an unauthenticated, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the root user.

CVE-2021-1498: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to perform a command injection attack against an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the tomcat8 user.

This check requires the Metasploit Remote Check Service to be enabled on Scan Engines. Please see the Metasploit Remote Check Service documentation for instructions on how to enable this functionality.

Solution(s)

  • cisco-hyperflex-hx-upgrade-latest

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;