Cisco HyperFlex web interface has critical flaw that lets attackers get root and execute arbitrary commands

Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product. CVE-2021-1497 impacts the HyperFlex HX Installer Virtual Machine and means an unauthenticated, remote attacker could perform a command injection attack on a web management console that gives them root access and allows them to …

  1. Pascal Monett Silver badge
    Thumb Down

    "insufficient validation of user-supplied input"

    Aka sloppy programming.

    On a platform that is specifically touted to be the tool to manage VMs.

    Well done, Cisco. With you around, who needs Huawei?

  2. Andy The Hat Silver badge
    Coat

    State sponsored Chinese backdoors again ...

    What?

    Not Chinese?

    Are you sure?

    But the Trumpmeister assured us that any security hole in Chinese software was not a result of piss-poor programming practice but a deliberate act with malicious intent. No American software has deliberate holes so, as it's American, it's not malicious! But that means it must instead be piss ... oh dear.

    Is there any other Huawei to look at this?

  3. HildyJ Silver badge
    Thumb Down

    Cisco says it all

    It's not as if Cisco is known for its great programming. Or its great security, for that matter.

    Besides, I inherently distrust products with hyper in their name. Drop the 'r' and the names become more meaningful.

  4. pc-fluesterer.info
    FAIL

    it's not a bug, it's a feature!

    ... for the three-letter-agencies.


Biting the hand that feeds IT © 1998–2021