CVE-2021-1498

CVE Database · CVE-2021-1498

CVE-2021-1498

· CRITICALAnalyzed

CVSS v3.1

9.8

EPSS

100.00%

Published

May 6, 2021

Modified

Oct 28, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2021-11-17

Apply updates per vendor instructions.

Public PoC / Exploit (2)

All weaponized →

NucleiNuclei detection template TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-78CWE-77

Affected Products (9)

cisco · hyperflex_hx_data_platform (up to 4.0\(2e\))vulnerable

cisco · hyperflex_hx_data_platform (up to 4.5\(2a\))vulnerable

cisco · hyperflex_hx220c_af_m5

cisco · hyperflex_hx220c_all_nvme_m5

cisco · hyperflex_hx220c_edge_m5

cisco · hyperflex_hx220c_m5

cisco · hyperflex_hx240c