1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Cisco HyperFlex HX Data Platform Command Injection Vulnerability

Known Exploited Vulnerabilities CVE-2021-1498 Mappings

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2021-1498 Cisco HyperFlex HX Data Platform Command Injection Vulnerability exploitation_technique T1133 External Remote Services
Comments
CVE-2021-1498 is a critical vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform. This vulnerability allows an unauthenticated, remote attacker to perform a command injection attack against an affected device
References
  1. https://blog.checkpoint.com/2022/10/13/nsa-cisa-fbi-alert-on-top-cves-actively-exploited-by-peoples-republic-of-china-state-sponsored-cyber-actors-check-point-customers-remain-fully-protected/
  2. https://www.rapid7.com/db/vulnerabilities/cisco-hyperflex-hx-cisco-sa-hyperflex-rce-tjjnrkpr/
CVE-2021-1498 Cisco HyperFlex HX Data Platform Command Injection Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
CVE-2021-1498 is a critical vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform. This vulnerability allows an unauthenticated, remote attacker to perform a command injection attack against an affected device
References
  1. https://blog.checkpoint.com/2022/10/13/nsa-cisa-fbi-alert-on-top-cves-actively-exploited-by-peoples-republic-of-china-state-sponsored-cyber-actors-check-point-customers-remain-fully-protected/
  2. https://www.rapid7.com/db/vulnerabilities/cisco-hyperflex-hx-cisco-sa-hyperflex-rce-tjjnrkpr/