CVE-2021-1497
Published: 06 May 2021
Summary
CVE-2021-1497 is a critical-severity OS Command Injection (CWE-78) vulnerability in Cisco Hyperflex Hx Data Platform. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 0.0% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2021-1497 is a set of command injection vulnerabilities, tracked under CWE-78, that affect the web-based management interface of Cisco HyperFlex HX. The issues carry a CVSS 3.1 base score of 9.8 and permit unauthenticated remote attackers to inject and execute arbitrary operating-system commands on an affected device.
An unauthenticated attacker with network access can send specially crafted HTTP requests to the management interface, resulting in full command execution. Successful exploitation grants the attacker complete control over confidentiality, integrity, and availability of the target system without requiring user interaction or credentials.
The official Cisco Security Advisory cisco-sa-hyperflex-rce-TjjNrkpR provides remediation guidance and software updates, while CISA has added the CVE to its Known Exploited Vulnerabilities catalog, confirming observed in-the-wild exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-6964
Vulnerability details
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires validation of all inputs to the web management interface, blocking the specially crafted HTTP requests that trigger OS command injection under CWE-78.
Enforces that the management interface only permits authenticated and authorized actions, eliminating the unauthenticated remote command-execution path described in the CVE.
Mandates timely installation of vendor patches that close the command-injection flaws, matching Cisco’s remediation guidance for CVE-2021-1497.