PT-2021-3275 · Cisco · Cisco Hyperflex Hx Data Platform

Mikhail Klyuchnikov

Published

2021-05-05

Updated

2022-01-01

CVE-2021-1499

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions Cisco HyperFlex HX Data Platform (affected versions not specified)

Description A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This issue is due to missing authentication for the upload function. An attacker could exploit this by sending a specific HTTP request to an affected device, potentially allowing the upload of files with the permissions of the tomcat8 user.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

BDU:2021-03038

CVE-2021-1499

Affected Products

Cisco Hyperflex Hx Data Platform

PT-2021-3275 · Cisco · Cisco Hyperflex Hx Data Platform

CVE-2021-1499

Weakness Enumeration

Related Identifiers

Affected Products

References · 10