Cisco this week identified two “High” security vulnerabilities in its HyperFlex data-center package that could let attackers gain control of the system.

HyperFlex is Cisco’s hyperconverged infrastructure that offers computing, networking and storage resources in a single system.

The more critical of the two warnings – an 8.8 on Cisco’s severity scale of 1-10 – is a command-injection vulnerability in the cluster service manager of Cisco HyperFlex Software that could let an unauthenticated attacker execute commands as the root user.

“An attacker could exploit this vulnerability by connecting to the cluster service manager and injecting commands into the bound process,” Cisco wrote in its Security Advisory.

Cisco says that the vulnerability is due to insufficient input validation in Cisco HyperFlex software releases prior to 3.5.

Insufficiently validated input can affect the control flow or data flow of a program and cause a number of resource-control problems. Cisco has released a software update to address this vulnerability and said that there are no other workarounds to address this exposure.

The second vulnerability – rated 8.1 on Cisco’s scale – is a snafu in the hxterm service of Cisco HyperFlex Software that could let an attacker connect to the service as a non-privileged, local user. A successful exploit could allow the attacker to gain root access to all member nodes of the HyperFlex cluster in Cisco HyperFlex software releases prior to 3.5, according to the security advisory.

Cisco said it has released software updates that address both vulnerabilities. Customers can download them from Cisco.

Cisco also disclosed three other “Medium”-level threats in HyperFlex software having to do with cross-site scripting (XSS), arbitrary data and Graphite service weaknesses. But it offered neither workarounds nor patches for those problems.

Cisco recently expanded its hyperconverged package with HyperFlex for Branch or HyperFlex 4.0, which will let customers extend the system to branch offices or the edge of a customer network. In other words, it moves data-center-class application performance and management to branch offices and remote sites, enabling analytics and intelligent services at the enterprise edge, Cisco said.

The HyperFlex vulnerabilities were part of a 17-item dump of Security Advisories and Alerts issued by the company.