Back to KEVs

CVE-2021-1497

Cisco HyperFlex HX Command Injection Vulnerabilities

Basic Information

CVE State
PUBLISHED
Reserved Date
November 13, 2020
Published Date
May 06, 2021
Last Updated
November 08, 2024
Vendor
Cisco
Product
Cisco HyperFlex HX Data Platform
Description
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Scores

CVSS v3.1

9.8 - CRITICAL

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC Information

Exploitation
active
Automatable
Yes
Technical Impact
total

Exploit Status

Exploited in the Wild
Yes (added 2021-11-03 00:00:00 UTC) Source

References

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb 2025-04-29 11:01:12 UTC
Nuclei https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-1497.yaml 2025-04-26 00:00:00 UTC