{
  "GSD": {
    "alias": "CVE-2021-1498",
    "description": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
    "id": "GSD-2021-1498",
    "references": [
      "https://packetstormsecurity.com/files/cve/CVE-2021-1498"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1498"
      ],
      "details": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
      "id": "GSD-2021-1498",
      "modified": "2023-12-13T01:23:21.954974Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-1498",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "product": "HyperFlex HX",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.",
      "vendorProject": "Cisco",
      "vulnerabilityName": "Cisco HyperFlex HX Command Injection Vulnerabilities"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@cisco.com",
        "DATE_PUBLIC": "2021-05-05T16:00:00",
        "ID": "CVE-2021-1498",
        "STATE": "PUBLIC",
        "TITLE": "Cisco HyperFlex HX Command Injection Vulnerabilities"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Cisco HyperFlex HX Data Platform ",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Cisco"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
          }
        ]
      },
      "exploit": [
        {
          "lang": "eng",
          "value": "The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerabilities described in this advisory. "
        }
      ],
      "impact": {
        "cvss": {
          "baseScore": "9.8",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H ",
          "version": "3.0"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-78"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "20210505 Cisco HyperFlex HX Command Injection Vulnerabilities",
            "refsource": "CISCO",
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR"
          },
          {
            "name": "http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html"
          }
        ]
      },
      "source": {
        "advisory": "cisco-sa-hyperflex-rce-TjjNrkpR",
        "defect": [
          [
            "CSCvx36014",
            "CSCvx36019",
            "CSCvx37435"
          ]
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "4.0\\(2e\\)",
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndIncluding": "4.5\\(2a\\)",
                    "versionStartIncluding": "4.5",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:hyperflex_hx240c:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "psirt@cisco.com",
          "ID": "CVE-2021-1498"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-78"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20210505 Cisco HyperFlex HX Command Injection Vulnerabilities",
              "refsource": "CISCO",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR"
            },
            {
              "name": "http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2021-06-07T20:57Z",
      "publishedDate": "2021-05-06T13:15Z"
    }
  }
}

{
  "affected": [],
  "aliases": [
    "CVE-2021-1498"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-77",
      "CWE-78"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-05-06T13:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.",
  "id": "GHSA-h6vv-5xx4-c25q",
  "modified": "2025-10-22T00:32:07Z",
  "published": "2022-05-24T19:01:36Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1498"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1498"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Cisco SD-WAN vEdge Cloud Routers versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP125 Wireless-AC Dual Band Desktop Access Point with PoE versions ant\u00e9rieures \u00e0 1.0.4.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP150 Wireless-AC/N Dual Radio Access Point with PoE versions ant\u00e9rieures \u00e0 1.1.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP351 Wireless-N Dual Radio Access Point with 5-Port Switch1 toutes versions (produit en fin de vie, ne recevra pas de correctif)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP131 Wireless-N Dual Radio Access Point with PoE 1 toutes versions (produit en fin de vie, ne recevra pas de correctif)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP581 Wireless-AC Dual Radio Wave 2 Access Point with 2.5GbE LAN versions ant\u00e9rieures \u00e0 1.0.4.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco AnyConnect Secure Mobility Client pour Windows versions ant\u00e9rieures \u00e0 4.10.00093",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Enterprise NFV Infrastructure Software (NFVIS) versions ant\u00e9rieures \u00e0 4.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco HyperFlex HX Software versions ant\u00e9rieures \u00e0 4.0(2e) ou 4.5(1b) 4.5(2a)",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service versions ant\u00e9rieures \u00e0 11.5(1)SU9",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SD-WAN vSmart Controller Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SD-WAN vEdge Routers versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SD-WAN vManage Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "SD-WAN vManage",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "IOS XE SD-WAN Software toutes versions",
      "product": {
        "name": "IOS XE",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco Unified Communications Manager IM \u0026 Presence Service versions 12.x ant\u00e9rieures \u00e0 12.5(1)SU4",
      "product": {
        "name": "Unified Communications Manager",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco SD-WAN vBond Orchestrator Software versions ant\u00e9rieures \u00e0 20.4.1 ou 20.5.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    },
    {
      "description": "Cisco WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE versions ant\u00e9rieures \u00e0 1.1.3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Cisco",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-1430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1430"
    },
    {
      "name": "CVE-2021-1428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1428"
    },
    {
      "name": "CVE-2021-1275",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1275"
    },
    {
      "name": "CVE-2021-1468",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1468"
    },
    {
      "name": "CVE-2021-1365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1365"
    },
    {
      "name": "CVE-2021-1497",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1497"
    },
    {
      "name": "CVE-2021-1426",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1426"
    },
    {
      "name": "CVE-2021-1510",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1510"
    },
    {
      "name": "CVE-2021-1508",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1508"
    },
    {
      "name": "CVE-2021-1513",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1513"
    },
    {
      "name": "CVE-2021-1401",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1401"
    },
    {
      "name": "CVE-2021-1429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1429"
    },
    {
      "name": "CVE-2021-1505",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1505"
    },
    {
      "name": "CVE-2021-1363",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1363"
    },
    {
      "name": "CVE-2021-1509",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1509"
    },
    {
      "name": "CVE-2021-1498",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1498"
    },
    {
      "name": "CVE-2021-1427",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1427"
    },
    {
      "name": "CVE-2021-1421",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1421"
    },
    {
      "name": "CVE-2021-1284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1284"
    },
    {
      "name": "CVE-2021-1511",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1511"
    },
    {
      "name": "CVE-2021-1506",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1506"
    },
    {
      "name": "CVE-2021-1400",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1400"
    },
    {
      "name": "CVE-2021-1496",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1496"
    }
  ],
  "initial_release_date": "2021-05-06T00:00:00",
  "last_revision_date": "2021-06-15T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-350",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-06T00:00:00.000000"
    },
    {
      "description": "Correction de la version 4.5 non vuln\u00e9rable d\u0027HyperFlex HX.",
      "revision_date": "2021-06-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Cisco.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Cisco",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-anyconnect-code-exec-jR3tWTA6 du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdw-auth-bypass-65aYqcS2 du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sb-wap-multi-ZAfKGXhF du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sd-wan-vmanage-4TbynnhZ du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-dos-Ckn5cVqW du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dos-Ckn5cVqW"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-imp-inj-ereCOKjR du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-sdwan-buffover-MWGucjtO du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-hyperflex-rce-TjjNrkpR du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Cisco cisco-sa-nfvis-cmdinj-DkFjqg2j du 05 mai 2021",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j"
    }
  ]
}

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Cisco Systems Inc.",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u0434\u043e 4.0(2e) (Cisco HyperFlex HX-Series), \u043e\u0442 4.5 \u0434\u043e 4.5(2a) (Cisco HyperFlex HX-Series)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "05.05.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "29.11.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "19.05.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-02570",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-1498",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Cisco HyperFlex HX-Series",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u0430\u043d\u043d\u044b\u0445 Cisco HyperFlex, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f tomcat8",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435 \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b (\u0412\u043d\u0435\u0434\u0440\u0435\u043d\u0438\u0435 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0443 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b) (CWE-78)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0432\u0435\u0431-\u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430 \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b \u0434\u0430\u043d\u043d\u044b\u0445 Cisco HyperFlex \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043f\u0440\u0438\u043d\u044f\u0442\u0438\u0435\u043c \u043c\u0435\u0440 \u043f\u043e \u043d\u0435\u0439\u0442\u0440\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u044b\u0445 \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u043e\u0432, \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u043c\u044b\u0445 \u0432 \u043a\u043e\u043c\u0430\u043d\u0434\u0430\u0445 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u044f\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0435 \u043a\u043e\u043c\u0430\u043d\u0434\u044b \u0432 \u0446\u0435\u043b\u0435\u0432\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435 \u0441 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u044f\u043c\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f tomcat8",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u043d\u044a\u0435\u043a\u0446\u0438\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR\nhttps://www.cybersecurity-help.cz/vulnerabilities/52945/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-78",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}

{
  "cisaActionDue": "2021-11-17",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Cisco HyperFlex HX Data Platform Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17BC381C-F6CD-4B90-B4AE-8544966ECCE6",
              "versionEndExcluding": "4.0\\(2e\\)",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D125A3BA-3182-4E44-92CB-E46CA2D5292D",
              "versionEndExcluding": "4.5\\(2a\\)",
              "versionStartIncluding": "4.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D5AFDE1-3A3B-4AF8-A425-492558B0B2EA",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "43CAFBEF-82AC-425C-B659-7856C2ADC7DF",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B38E0BA-D320-406B-8739-6218B96DFD24",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E19D6AF-E190-463D-B359-BB02362490D1",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx240c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4440219-AA2A-4AA3-B780-2F2DB62D0100",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFF775A8-5A2C-42B7-B26C-85921D803A25",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5009EC3A-40C9-44B0-8E5E-599657F819FA",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples vulnerabilidades en la interfaz de administraci\u00f3n basada en web de Cisco HyperFlex HX, podr\u00edan permitir a un atacante remoto no autenticado llevar a cabo ataques de inyecci\u00f3n de comandos contra un dispositivo afectado.\u0026#xa0;Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles de este aviso"
    }
  ],
  "id": "CVE-2021-1498",
  "lastModified": "2025-10-28T13:58:25.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "psirt@cisco.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-05-06T13:15:10.537",
  "references": [
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html"
    },
    {
      "source": "psirt@cisco.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1498"
    }
  ],
  "sourceIdentifier": "psirt@cisco.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-78"
        }
      ],
      "source": "psirt@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}