7 matches found
Cisco HyperFlex HX Command Injection (CVE-2021-1498; CVE-2021-1497)
A remote command execution vulnerability exists in Cisco Hyperflex. The vulnerability is due to improper input sanitization...
Metasploit Wrap-Up
NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...
Cisco HyperFlex HX Data Platform Command Execution
This module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexhxdataplatformcmdexec msf exploitciscohyperflexhxdataplatformcmdexec show...
Cisco HyperFlex HX Command Injection Vulnerabilities (cisco-sa-hyperflex-rce-TjjNrkpR)
The version of Cisco HyperFlex HX installed on the remote host is affected by multiple command injection vulnerabilities. An unauthenticated, remote attacker can exploit these to execute arbitrary commands on an affected system. Note that Nessus has not tested for this issue but has instead relie...
CVE-2021-1498
creationtimestamp| type| source ---|---|--- 2021-05-06 13:51:34+00:00| seen| https://t.me/ptswarm/34 2021-05-17 17:03:48+00:00| seen| https://t.me/reconshell/709 2021-06-03 21:31:54+00:00| seen|...
CVE-2021-1498 Cisco HyperFlex HX Command Injection Vulnerabilities
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software
Networking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information. In ...