VDB
CVE-2021-1498
CVE-2021-1498
PUBLISHED
KEV
CVSS 9.800000190734863 CRITICAL
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
EPSS 94.21% · 99.9th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
94.21%
99.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco HyperFlex HX Data Platform | * |
| cisco | hyperflex_hx_data_platform | 0, 4.5, 0 |
Exploit Intelligence
- http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html (nist-nvd)
- CIRCL seen: CVE-2021-1498 (circl-sighting)
- CIRCL seen: CVE-2021-1498 (circl-sighting)
- CIRCL seen: CVE-2021-1498 (circl-sighting)
- CIRCL seen: CVE-2021-1498 (circl-sighting)
- CIRCL seen: CVE-2021-1498 (circl-sighting)
- CIRCL seen: CVE-2021-1498 (circl-sighting)
- CIRCL seen: CVE-2021-1498 (circl-sighting)
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1498 (circl)
- 20210505 Cisco HyperFlex HX Command Injection Vulnerabilities (circl)
…and 50 more exploits
Timeline
- May 6, 2021 CVE Published
- May 7, 2021 EPSS Score
- Jun 3, 2021 PoC Published
- Jun 4, 2021 PoC Published
- Jun 4, 2021 EPSS Score
- Jun 8, 2021 EPSS Score
- Jun 13, 2021 EPSS Score
- Jun 15, 2021 CVE Updated
- Jun 24, 2021 VulnCheck KEV Exploitation
- Jul 8, 2021 PoC Published
- Jul 10, 2021 EPSS Score
- Nov 3, 2021 CISA KEV Added
References
- 20210505 Cisco HyperFlex HX Command Injection Vulnerabilities vendor-advisory
- http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html url
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1498 url
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-code-exec-jR3tWTA6 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdw-auth-bypass-65aYqcS2 advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-ZAfKGXhF advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-dos-Ckn5cVqW advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inj-ereCOKjR advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-buffover-MWGucjtO advisory
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-cmdinj-DkFjqg2j advisory
- https://nvd.nist.gov/vuln/detail/CVE-2021-1498 advisory