225 matches found
Cisco HyperFlex HX Command Injection (CVE-2021-1498; CVE-2021-1497)
A remote command execution vulnerability exists in Cisco Hyperflex. The vulnerability is due to improper input sanitization...
Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE (CVE-2021-1499)
This module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexfileuploadrce msf exploitciscohyperflexfileuploadrce show targets...
Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform unauthenticated file upload to RCE CVE-2021-1499', 'Description' = %q This module exploits an unauthenticated fi...
Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution Exploit
This Metasploit module exploits an unauthenticated file upload vulnerability in Cisco HyperFlex HX Data Platform's /upload endpoint to upload and execute a payload as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...
Metasploit Wrap-Up
NSClient++ Community contributor Yann Castel has contributed an exploit module for NSClient++ which targets an authenticated command execution vulnerability. Users that are able to authenticate to the service as admin can leverage the external scripts feature to execute commands with SYSTEM level...
Cisco HyperFlex HX Data Platform Command Execution
This module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. Module Options msf use exploit/linux/http/ciscohyperflexhxdataplatformcmdexec msf exploitciscohyperflexhxdataplatformcmdexec show...
Cisco HyperFlex HX Data Platform Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Cisco HyperFlex HX Data Platform Command Execution', 'Description' = %q This module exploits an unauthenticated command injection in Cisco...
Cisco HyperFlex HX Data Platform Command Execution Exploit
This Metasploit module exploits an unauthenticated command injection in Cisco HyperFlex HX Data Platform's /storfs-asup endpoint to execute shell commands as the Tomcat user. This module requires Metasploit: https://metasploit.com/download Current source:...
Cisco HyperFlex HX Command Injection Direct Check (cisco-sa-hyperflex-rce-TjjNrkpR)
Binary data cisco-sa-hyperflex-rce-TjjNrkpR-dc.nbin...
Cisco HyperFlex HX Unauthenticated Command Injection Vulnerability (CVE-2021-1497 CVE-2021-1498)
CVE-2021-1497 and/or CVE-2021-1498 Command injection in the /storfs-asup endpoint’s token and mode parameters. Patch --- unpatched/web.xml 2021-05-17 19:06:17.000000000 -0500 +++ patched/web.xml 2021-05-17 19:06:23.000000000 -0500 @@ -69,17 +69,6 @@ - Springpath Storfs ASUP -...
Cisco HyperFlex HX Unauthenticated File Upload Vulnerability (CVE-2021-1499)
Technical Analysis CVE-2021-1499 Arbitrary file upload RCE implied in the /upload endpoint. Patch --- unpatched/springpath.conf 2021-05-17 19:06:17.000000000 -0500 +++ patched/springpath.conf 2021-05-17 19:06:23.000000000 -0500 @@ -36,14 +36,7 @@ include uwsgiparams; - location /crossdomain.xml -...
Cisco HyperFlex HX Command Injection Vulnerabilities (cisco-sa-hyperflex-rce-TjjNrkpR)
The version of Cisco HyperFlex HX installed on the remote host is affected by multiple command injection vulnerabilities. An unauthenticated, remote attacker can exploit these to execute arbitrary commands on an affected system. Note that Nessus has not tested for this issue but has instead relie...
A week in security (May 3 – 9)
Last week on Malwarebytes Labs, we discussed how Spectre attacks have come back from the dead; why Facebook banned Instagram ads by Signal; we highlighted the differences between the most popular VPN protocols; pointed out that Google is about to start automatically enrolling users in two-step...
Cisco HyperFlex HX Data Platform Access Control Error Vulnerability
Cisco HyperFlex HX Data Platform is a network appliance from Cisco USA. Provides enterprise-class agility, scalability, security and lifecycle management capabilities. An access control error vulnerability exists in Cisco HyperFlex HX Data Platform, which can be exploited by an attacker to upload...
Critical Cisco SD-WAN, HyperFlex Bugs Menace Networks
Cisco has addressed two critical security vulnerabilities in the SD-WAN vManage Software, one of which could allow an unauthenticated attacker to carry out remote code execution RCE on corporate networks or steal information. The networking giant also disclosed a denial-of-service issue in vManag...
CVE-2021-1498
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-1497
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-1498
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...
CVE-2021-1499
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerabilit...
CVE-2021-1497
Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenticated, remote attacker to perform command injection attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory...