{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T13:02:24.420","vulnerabilities":[{"cve":{"id":"CVE-2021-1498","sourceIdentifier":"psirt@cisco.com","published":"2021-05-06T13:15:10.537","lastModified":"2025-10-28T13:58:25.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory."},{"lang":"es","value":"Múltiples vulnerabilidades en la interfaz de administración basada en web de Cisco HyperFlex HX, podrían permitir a un atacante remoto no autenticado llevar a cabo ataques de inyección de comandos contra un dispositivo afectado. Para obtener más información sobre estas vulnerabilidades, consulte la sección Detalles de este aviso"}],"metrics":{"cvssMetricV31":[{"source":"psirt@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"cisaExploitAdd":"2021-11-03","cisaActionDue":"2021-11-17","cisaRequiredAction":"Apply updates per vendor instructions.","cisaVulnerabilityName":"Cisco HyperFlex HX Data Platform Command Injection Vulnerability","weaknesses":[{"source":"psirt@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-78"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-77"}]}],"configurations":[{"operator":"AND","nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0\\(2e\\)","matchCriteriaId":"17BC381C-F6CD-4B90-B4AE-8544966ECCE6"},{"vulnerable":true,"criteria":"cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*","versionStartIncluding":"4.5","versionEndExcluding":"4.5\\(2a\\)","matchCriteriaId":"D125A3BA-3182-4E44-92CB-E46CA2D5292D"}]},{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"0D5AFDE1-3A3B-4AF8-A425-492558B0B2EA"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"43CAFBEF-82AC-425C-B659-7856C2ADC7DF"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"9B38E0BA-D320-406B-8739-6218B96DFD24"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"6E19D6AF-E190-463D-B359-BB02362490D1"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:hyperflex_hx240c:-:*:*:*:*:*:*:*","matchCriteriaId":"F4440219-AA2A-4AA3-B780-2F2DB62D0100"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"EFF775A8-5A2C-42B7-B26C-85921D803A25"},{"vulnerable":false,"criteria":"cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*","matchCriteriaId":"5009EC3A-40C9-44B0-8E5E-599657F819FA"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html","source":"psirt@cisco.com","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR","source":"psirt@cisco.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/162976/Cisco-HyperFlex-HX-Data-Platform-Command-Execution.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory","VDB Entry"]},{"url":"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-rce-TjjNrkpR","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1498","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":["US Government Resource"]}]}}]}