CVE-2021-1497

CRITICAL KEV NUCLEI

Cisco Hyperflex HX Data Platform < 4.0\(2e\) - OS Command Injection

Title source: rule

Description

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (2)

nomisec SUSPICIOUS 3 stars

by 34zY · poc

https://github.com/34zY/APT-Backpack

View Code ZIP pw:eip

metasploit WORKING POC EXCELLENT

by Nikita Abramov, Mikhail Klyuchnikov, wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Cisco HyperFlex HX Data Platform - Remote Command Execution

CRITICALby gy741

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1497

Scores

CVSS v3 9.8

EPSS 0.9436

EPSS Percentile 100.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-08-06

InTheWild.io 2021-06-06

ENISA EUVD EUVD-2021-6964

CWE

CWE-78

Status published

Products (1)

cisco/hyperflex_hx_data_platform < 4.0\(2e\)

Published May 06, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026