CVE-2021-1497
Summary
| CVE | CVE-2021-1497 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-05-06 13:15:00 UTC |
| Updated | 2023-11-07 03:28:00 UTC |
| Description | Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. |
Risk And Classification
EPSS: 0.999280000 probability, percentile 0.999680000 (date 2026-07-17)
CISA KEV: Listed on 2021-11-03; due 2021-11-17; ransomware use Unknown
Problem Types: CWE-78
CISA Known Exploited Vulnerability
| Vendor | Cisco |
|---|---|
| Product | HyperFlex HX |
| Name | Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2021-1497 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Hardware | Cisco | Hyperflex Hx220c Af M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx220c All Nvme M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx220c Edge M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx220c M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx240c | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx240c Af M5 | - | All | All | All |
| Hardware | Cisco | Hyperflex Hx240c M5 | - | All | All | All |
| Operating System | Cisco | Hyperflex Hx Data Platform | 4.0\(2a\) | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Cisco HyperFlex HX Command Injection Vulnerabilities | CISCO | tools.cisco.com | |
| Cisco HyperFlex HX Data Platform Command Execution ≈ Packet Storm | MISC | packetstormsecurity.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 730070 Cisco HyperFlex HX Command Injection Vulnerabilities(cisco-sa-hyperflex-rce-TjjNrkpR)