CVE-2021-1498

CRITICAL KEV NUCLEI

Cisco HyperFlex HX Data Platform < 4.0(2e) - Unauthenticated OS Command Injection

Title source: llm

Exploitation Summary

CVE-2021-1498 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 1 public exploit from researchers including Nikita Abramov, Mikhail Klyuchnikov, wvu, including a Metasploit module exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec. A Nuclei detection template is also available.

AI-analyzed exploit summary This Metasploit module exploits an unauthenticated command injection vulnerability in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint, allowing execution of shell commands as the Tomcat user. It supports both direct command execution and staged payload delivery.

Description

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Exploits (1)

metasploit WORKING POC EXCELLENT

by Nikita Abramov, Mikhail Klyuchnikov, wvu · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/cisco_hyperflex_hx_data_platform_cmd_exec.rb

View Code ZIP pw:eip

This Metasploit module exploits an unauthenticated command injection vulnerability in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint, allowing execution of shell commands as the Tomcat user. It supports both direct command execution and staged payload delivery.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Cisco HyperFlex HX Data Platform

No auth needed

Prerequisites: Network access to the target system · Vulnerable Cisco HyperFlex HX Data Platform instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 16, 2026 Full analysis →

Nuclei Templates (1)

Cisco HyperFlex HX Data Platform - Remote Command Execution

CRITICALby gy741

References (3)

Core 3

Core References

Vendor Advisory vendor-advisory x_refsource_cisco

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html

US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1498

Scores

CVSS v3 9.8

EPSS 0.9421

EPSS Percentile 99.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable yes

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-06-24

InTheWild.io 2021-06-06

ENISA EUVD EUVD-2021-6965

CWE

CWE-78 CWE-77

Status published

Products (1)

cisco/hyperflex_hx_data_platform < 4.0\(2e\)

Published May 06, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026