6 matches found
Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)
This module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexfileuploadrce msf exploitciscohyperflexfileuploadrce show targets...
Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE CVE-2021-1499', 'Description' = %q This module exploits an unauthenticated fi...
Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...
Cisco HyperFlex HX 未授权文件上传漏洞(CVE-2021-1499 )
Technical Analysis CVE-2021-1499 Arbitrary file upload RCE implied in the /upload endpoint. Patch --- unpatched/springpath.conf 2021-05-17 19:06:17.000000000 -0500 +++ patched/springpath.conf 2021-05-17 19:06:23.000000000 -0500 @@ -36,14 +36,7 @@ include uwsgiparams; - location /crossdomain.xml -...
CVE-2021-1499
creationtimestamp| type| source ---|---|--- 2021-05-06 13:51:34+00:00| seen| https://t.me/ptswarm/34 2021-06-17 17:48:07+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/ciscohyperflexfileuploadrce.rb 2021-06-20 01:57:48+00:00| seen|...
CVE-2021-1499
Cisco HyperFlex HX Data Platform is affected by an unauthenticated arbitrary file upload vulnerability in the web-based management interface. The issue arises from missing authentication on the /upload endpoint, allowing an attacker to upload files with the permissions of the Tomcat user (tomcat8...