ID

VAR-202105-0617


CVE

CVE-2021-1499


TITLE

Cisco HyperFlex HX Data Platform Access Control Error Vulnerability

Trust: 0.6

sources: CNVD: CNVD-2021-35615

DESCRIPTION

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user. Cisco HyperFlex HX Data Platform is a network device of Cisco in the United States. It provides enterprise-level agility, scalability, security and life cycle management functions. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

Trust: 2.07

sources: NVD: CVE-2021-1499 // CNVD: CNVD-2021-35615 // CNNVD: CNNVD-202104-975 // VULMON: CVE-2021-1499

IOT TAXONOMY

category: ['Network device'] | sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2021-35615

AFFECTED PRODUCTS

vendor: cisco | model: hyperflex hx data platform | scope: gte | version: 4.5

Trust: 1.0

vendor: cisco | model: hyperflex hx data platform | scope: lt | version: 4.5(2a)

Trust: 1.0

vendor: cisco | model: hyperflex hx data platform | scope: lt | version: 4.0(2e)

Trust: 1.0

vendor: cisco | model: hyperflex hx data platform | scope: - | version: -

Trust: 0.6

sources: CNVD: CNVD-2021-35615 // NVD: CVE-2021-1499

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1499
value: MEDIUM

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1499
value: MEDIUM

Trust: 1.0

CNVD: CNVD-2021-35615
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-140
value: MEDIUM

Trust: 0.6

VULMON: CVE-2021-1499
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1499
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

CNVD: CNVD-2021-35615
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2021-1499
baseSeverity: MEDIUM
baseScore: 5.3
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

sources: CNVD: CNVD-2021-35615 // VULMON: CVE-2021-1499 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-140 // NVD: CVE-2021-1499 // NVD: CVE-2021-1499

PROBLEMTYPE DATA

problemtype: CWE-306

Trust: 1.0

sources: NVD: CVE-2021-1499

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-140

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: Patch for Cisco HyperFlex HX Data Platform Access Control Error Vulnerability | url: https://www.cnvd.org.cn/patchInfo/show/265646

Trust: 0.6

title: Cisco Cisco HyperFlex HX Data Platform Fixes for access control error vulnerabilities | url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=154669

Trust: 0.6

title: Cisco: Cisco HyperFlex HX Data Platform File Upload Vulnerability | url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-hyperflex-upload-KtCK8Ugz

Trust: 0.1

title: Awesome-POC | url: https://github.com/ArrestX/--POC

Trust: 0.1

title: Normal-POC | url: https://github.com/Miraitowa70/POC-Notes

Trust: 0.1

title: Normal-POC | url: https://github.com/Miraitowa70/Pentest-Notes

Trust: 0.1

title: Vulnerability | url: https://github.com/tzwlhack/Vulnerability

Trust: 0.1

title: Awesome-POC | url: https://github.com/KayCHENvip/vulnerability-poc

Trust: 0.1

title: https://github.com/20142995/Goby | url: https://github.com/20142995/Goby

Trust: 0.1

title: Awesome-POC | url: https://github.com/Threekiii/Awesome-POC

Trust: 0.1

title: Goby_POC POC count 1319 | url: https://github.com/Z0fhack/Goby_POC

Trust: 0.1

title: SecBooks SecBooks directory | url: https://github.com/SexyBeast233/SecBooks

Trust: 0.1

title: Kenzer Templates [5170] [DEPRECATED] | url: https://github.com/ARPSyndicate/kenzer-templates

Trust: 0.1

sources: CNVD: CNVD-2021-35615 // VULMON: CVE-2021-1499 // CNNVD: CNNVD-202105-140

EXTERNAL IDS

db: NVD | id: CVE-2021-1499

Trust: 2.3

db: PACKETSTORM | id: 163203

Trust: 1.7

db: AUSCERT | id: ESB-2021.1537

Trust: 1.2

db: CNVD | id: CNVD-2021-35615

Trust: 0.6

db: CS-HELP | id: SB2021041363

Trust: 0.6

db: CNNVD | id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP | id: SB2021050630

Trust: 0.6

db: CNNVD | id: CNNVD-202105-140

Trust: 0.6

db: VULMON | id: CVE-2021-1499

Trust: 0.1

sources: CNVD: CNVD-2021-35615 // VULMON: CVE-2021-1499 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-140 // NVD: CVE-2021-1499

REFERENCES

url: https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-hyperflex-upload-ktck8ugz

Trust: 2.4

url: http://packetstormsecurity.com/files/163203/cisco-hyperflex-hx-data-platform-file-upload-remote-code-execution.html

Trust: 2.4

url: https://www.auscert.org.au/bulletins/esb-2021.1537

Trust: 1.2

url: https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url: https://www.cybersecurity-help.cz/vdb/sb2021050630

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/306.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

url: https://github.com/arrestx/--poc

Trust: 0.1

sources: CNVD: CNVD-2021-35615 // VULMON: CVE-2021-1499 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-140 // NVD: CVE-2021-1499

SOURCES

db: CNVD | id: CNVD-2021-35615
db: VULMON | id: CVE-2021-1499
db: CNNVD | id: CNNVD-202104-975
db: CNNVD | id: CNNVD-202105-140
db: NVD | id: CVE-2021-1499

LAST UPDATE DATE

2024-08-14T13:13:16.211000+00:00


SOURCES UPDATE DATE

db: CNVD | id: CNVD-2021-35615 | date: 2021-05-19T00:00:00
db: VULMON | id: CVE-2021-1499 | date: 2023-11-07T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-14T00:00:00
db: CNNVD | id: CNNVD-202105-140 | date: 2021-08-16T00:00:00
db: NVD | id: CVE-2021-1499 | date: 2023-11-07T03:28:26.697

SOURCES RELEASE DATE

db: CNVD | id: CNVD-2021-35615 | date: 2021-05-19T00:00:00
db: VULMON | id: CVE-2021-1499 | date: 2021-05-06T00:00:00
db: CNNVD | id: CNNVD-202104-975 | date: 2021-04-13T00:00:00
db: CNNVD | id: CNNVD-202105-140 | date: 2021-05-05T00:00:00
db: NVD | id: CVE-2021-1499 | date: 2021-05-06T13:15:10.567