virus logo Intrusion Prevention

Cisco.HyperFlex.HX.storfs-asup.Handling.Command.Injection

description-logoDescription

This indicates an attack attempt to exploit a Command Injection Vulnerability in Cisco Systems HyperFlex Software.
The vulnerability is due to improper input sanitization. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to the web-based management interface of the target server. Successful exploitation could lead to execution of arbitrary code in the context of the target process.

affected-products-logoAffected Products

Cisco Systems HyperFlex Software prior to 4.0(2e)
Cisco Systems HyperFlex Software prior to 4.5(2a)

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Apply the most recent upgrade or patch from the vendor.
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Detail
2021-08-11 18.137 Default_action:pass:drop
2021-06-02 18.090
ID 50411
Created May 25, 2021
Updated Aug 10, 2021
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
CVE ID CVE-2021-1498
Known Exploited Yes
Exploit Prediction Score 97.53%
Default Action drop
Active
Affected OS Other
Affected App Cisco