Lucene search

[email protected]NVD:CVE-2021-1499

HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-1499

2021-05-0613:15:10

CWE-306

[email protected]

web.nvd.nist.gov

cisco

hyperflex hx

data platform

web-based management interface

remote attacker

file upload vulnerability

missing authentication

http request

tomcat8 user

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

EPSS

0.963

Percentile

99.5%

JSON

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.

Affected configurations

Nvd

Node

ciscohyperflex_hx220c_af_m5Match-

ciscohyperflex_hx220c_all_nvme_m5Match-

ciscohyperflex_hx220c_edge_m5Match-

ciscohyperflex_hx220c_m5Match-

ciscohyperflex_hx240cMatch-

ciscohyperflex_hx240c_af_m5Match-

ciscohyperflex_hx240c_m5Match-

AND

ciscohyperflex_hx_data_platformRange<4.0\(2e\)

ciscohyperflex_hx_data_platformRange4.5–4.5\(2a\)

VendorProductVersionCPE
ciscohyperflex_hx220c_af_m5-cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_all_nvme_m5-cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_edge_m5-cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_m5-cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c-cpe:2.3:h:cisco:hyperflex_hx240c:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c_af_m5-cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c_m5-cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx_data_platform*cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	hyperflex_hx220c_af_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:::::::*
cisco	hyperflex_hx220c_all_nvme_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:::::::*
cisco	hyperflex_hx220c_edge_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:::::::*
cisco	hyperflex_hx220c_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:::::::*
cisco	hyperflex_hx240c	-	cpe:2.3:h:cisco:hyperflex_hx240c:-:::::::*
cisco	hyperflex_hx240c_af_m5	-	cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:::::::*
cisco	hyperflex_hx240c_m5	-	cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:::::::*
cisco	hyperflex_hx_data_platform	*	cpe:2.3:o:cisco:hyperflex_hx_data_platform::::::::