CVE-2021-1498

CRITICAL KEV NUCLEI

Cisco Hyperflex HX Data Platform < 4.0\(2e\) - Command Injection

Title source: rule

Description

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Nikita Abramov, Mikhail Klyuchnikov, wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb

View Code ZIP pw:eip

Nuclei Templates (1)

Cisco HyperFlex HX Data Platform - Remote Command Execution

CRITICALby gy741

References (3)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html

[Vendor Advisory] https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1498

Scores

CVSS v3 9.8

EPSS 0.9421

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-06-24

InTheWild.io 2021-06-06

ENISA EUVD EUVD-2021-6965

CWE

CWE-78 CWE-77

Status published

Products (1)

cisco/hyperflex_hx_data_platform < 4.0\(2e\)

Published May 06, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026