Threat Encyclopedia

Cisco.HyperFlex.HX.storfs-asup.Handling.Command.Injection

Description

This indicates an attack attempt to exploit a Command Injection Vulnerability in Cisco Systems HyperFlex Software.
The vulnerability is due to improper input sanitization. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the web-based management interface of the target server. Successful exploitation could lead to execution of arbitrary code in the context of the target process.

Affected Products

Cisco Systems HyperFlex Software prior to 4.0(2e)
Cisco Systems HyperFlex Software prior to 4.5(2a)

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR

CVE References

CVE-2021-1498