QID 730070
Date Published: 2021-05-06
QID 730070: Cisco HyperFlex HX Command Injection Vulnerabilities(cisco-sa-hyperflex-rce-TjjNrkpR)
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX
could allow an unauthenticated, remote
attacker to perform command injection attacks against an affected device.
Affected Products
Cisco devices if they are running a vulnerable release of Cisco HyperFlex HX Software.
Prior to 4.0(2e)
From 4.0 Prior to 4.0(2e)
From 4.5 Prior to 4.5(1b)
QID Detection Logic (unauthenticated):
The QID matches the Vulnerable versions of Cisco HyperFlex by sending HTTP GET request to 'hx/api/about'.
A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the root user.
Solution
Customers are advised to refer to cisco-sa-hyperflex-rce-TjjNrkpR for more information.
Vendor References
- cisco-sa-hyperflex-rce-TjjNrkpR -
tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR
CVEs related to QID 730070
Software Advisories
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| cisco-sa-hyperflex-rce-TjjNrkpR |
|