1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability

Known Exploited Vulnerabilities CVE-2021-1497 Mappings

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-1497 Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability exploitation_technique T1133 External Remote Services
Comments
CVE-2021-1497 is a critical vulnerability in the web-based management interface of Cisco HyperFlex HX Installer Virtual Machine. This vulnerability allows an unauthenticated, remote attacker to perform a command injection attack against an affected device
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-279a
  2. https://www.rapid7.com/db/vulnerabilities/cisco-hyperflex-hx-cisco-sa-hyperflex-rce-tjjnrkpr/
CVE-2021-1497 Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2021-1497 is a critical vulnerability in the web-based management interface of Cisco HyperFlex HX Installer Virtual Machine. This vulnerability allows an unauthenticated, remote attacker to perform a command injection attack against an affected device
References
  1. https://www.cisa.gov/news-events/cybersecurity-advisories/aa22-279a
  2. https://www.rapid7.com/db/vulnerabilities/cisco-hyperflex-hx-cisco-sa-hyperflex-rce-tjjnrkpr/