| ID | 1090501600 |
| Created | Oct 31, 2022 |
| Updated | Oct 31, 2022 |
| Severity |
|
| Default Action | pass |
| Active |
|
| Affected OS | Other |
| Affected App | Cisco |
| Engine Version | 5.0.0 or later |
Legend
| Enabled/Available |
|
| Disabled/Not Available |
|
Update History
| Date | Version | Detail |
|---|---|---|
| 2022-10-31 | 0.00333 |
Refine Search
Threat Encyclopedia
Cisco.HyperFlex.HX.Auth.Handling.Command.Injection
Description
This indicates an attack attempt to exploit a Command Injection Vulnerability in Cisco Systems HyperFlex Software.
The vulnerability is due to improper input sanitization. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the web-based management interface of the target server. Successful exploitation could lead to execution of arbitrary code in the context of root user.
Affected Products
Cisco Systems HyperFlex Software prior to 4.0(2e)
Cisco Systems HyperFlex Software prior to 4.5(2a)
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR