Exposures › CVE-2021-1498
CVE-2021-1498
Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2021-11-03
Reference
⚡ RCE
⌖ exploited in the wild
shame 65/100
rceexploited-in-wild
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Players implicated
Description
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Affected FedRAMP products 8 in the catalog
| Product | Provider | Status | Match |
|---|---|---|---|
| Cisco Cloudlock for Government | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |
| Cisco Meraki for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco SD-WAN for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco Umbrella for Government | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Cisco Unified Communications Manager Cloud for Government (Cisco UCM Cloud for Government) | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |
| Duo Federal | Duo Security (A Cisco Company) | Authorized | dex-judge · 0.95 |
| WebEx Contact Center Enterprise for Government (WxCCE-G) | Cisco Systems Inc. | In Process | vendor-exact · 0.90 |
| Webex for Government | Cisco Systems Inc. | Authorized | vendor-exact · 0.90 |