Cisco HyperFlex HX Data Platform - Remote Command Execution

Cisco HyperFlex HX contains multiple vulnerabilities in the web-based management interface that could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. id: CVE-2021-1498 info: name: Cisco HyperFlex HX Data Platform - Remote Command Executio...

CVE-2023-20263

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...

Input validation

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could...

CVE-2023-20263

CVE-2023-20263 affects Cisco HyperFlex HX Data Platform, specifically the web-based management interface. The issue arises from improper input validation of HTTP request parameters, enabling an unauthenticated, remote attacker to persuade a user to click a crafted link and potentially redirect th...

Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)

This module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexfileuploadrce msf exploitciscohyperflexfileuploadrce show targets...

Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE CVE-2021-1499', 'Description' = %q This module exploits an unauthenticated fi...

Metasploit Wrap-Up

NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...

CVE-2021-1499

Cisco HyperFlex HX Data Platform is affected by an unauthenticated arbitrary file upload vulnerability in the web-based management interface. The issue arises from missing authentication on the /upload endpoint, allowing an attacker to upload files with the permissions of the Tomcat user (tomcat8...

CVE-2021-1499

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerabilit...

Cisco Hyperflex HX-Series Software Weak Storage (cisco-sa-HYP-WSV-yT3j5hSB)

According to its self-reported version, Cisco HyperFlex HX Data Platform is affected by a vulnerability in the installation component because sensitive information is stored as clear text. An authenticated, local attacker can exploit this, by authenticating to an affected device and navigating to...

ESXi firewall changes required to process a Veeam backup from storage snapshot with Cisco HyperFlex IOvisor

Challenge To process a Veeam backup from storage snapshot with Cisco HyperFlex IOvisor, adjustments may have to be to the ESXi firewall settings. The process outlined below applies to all HyperFlex clusters running HX Data Platform 3.0 or later. Solution Before you add the HyperFlex Cluster into...

CVE-2018-15429

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

CVE-2018-15429 Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...

CVE-2018-15429

The CVE-2018-15429 issue affects Cisco HyperFlex HX Data Platform Software and stems from improper input validation and lack of proper authorization in the web-based UI. An unauthenticated, remote attacker could exploit via malicious HTTP requests to access files containing sensitive data (partia...

CVE-2018-15429 Cisco HyperFlex HX Data Platform Software Unauthorized Directory Access Vulnerability

A vulnerability in the web-based UI of Cisco HyperFlex HX Data Platform Software could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to a lack of proper input and authorization of HTTP requests. An attacker could exploit...