"insufficient validation of user-supplied input"
Aka sloppy programming.
On a platform that is specifically touted to be the tool to manage VMs.
Well done, Cisco. With you around, who needs Huawei ?
root
and execute arbitrary commands Cisco has revealed a pair of critical bugs in its HyperFlex hyperconverged infrastructure product. CVE-2021-1497 impacts the HyperFlex HX Installer Virtual Machine and means an unauthenticated, remote attacker could perform a command injection attack on a web management console that gives them root access and allows them to …
What?
Not Chinese?
Are you sure?
But the Trumpmeister assured us that any security hole in Chinese software was not a result of piss-poor programming practice but deliberate act with malicious intent. No American software has deliberate holes so, as it's American, it's not malicious! But that means it must instead be piss ... oh dear.
Is there any other Huawei to look at this?