CVE-2021-1497

CRITICAL KEV NUCLEI

Cisco HyperFlex HX Data Platform < 4.0(2e) - Unauthenticated OS Command Injection

Title source: llm

Exploitation Summary

CVE-2021-1497 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 2 public exploits from researchers including 34zY, Nikita Abramov, Mikhail Klyuchnikov, wvu, including a Metasploit module exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository lists multiple CVEs and tools but contains no actual exploit code or technical details. It appears to be a collection of references without functional PoCs, likely serving as a lure for further engagement.

Description

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (2)

nomisec SUSPICIOUS 3 stars

by 34zY · poc

https://github.com/34zY/APT-Backpack

View Code ZIP pw:eip

The repository lists multiple CVEs and tools but contains no actual exploit code or technical details. It appears to be a collection of references without functional PoCs, likely serving as a lure for further engagement.

Classification

Suspicious 90%

Attack Type

Other

Complexity

Theoretical

Reliability

Theoretical

Target: multiple (see CVE list)

No auth needed

Prerequisites: none provided

devstral-2 · analyzed Feb 18, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by Nikita Abramov, Mikhail Klyuchnikov, wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated command injection vulnerability in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint. It allows remote command execution as the Tomcat user by injecting commands into POST parameters.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Cisco HyperFlex HX Data Platform

No auth needed

Prerequisites: Network access to the target's /storfs-asup endpoint

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed Apr 22, 2026 Full analysis →

Nuclei Templates (1)

Cisco HyperFlex HX Data Platform - Remote Command Execution

CRITICALby gy741

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1497

Scores

CVSS v3 9.8

EPSS 0.9436

EPSS Percentile 100.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-08-06

InTheWild.io 2021-06-06

ENISA EUVD EUVD-2021-6964

CWE

CWE-78

Status published

Products (1)

cisco/hyperflex_hx_data_platform < 4.0\(2e\)

Published May 06, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026