Lucene search

CiscoCVE-2021-1499

HistoryMay 06, 2021 - 1:15 p.m.

CVE-2021-1499

2021-05-0613:15:10

CWE-306

cisco

web.nvd.nist.gov

cisco

hyperflex

hx data platform

vulnerability

unauthenticated

remote

file upload

nvd

cve-2021-1499

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

AI Score

5.3

Confidence

High

EPSS

0.963

Percentile

99.5%

JSON

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.

Affected configurations

Nvd

Node

ciscohyperflex_hx220c_af_m5Match-

ciscohyperflex_hx220c_all_nvme_m5Match-

ciscohyperflex_hx220c_edge_m5Match-

ciscohyperflex_hx220c_m5Match-

ciscohyperflex_hx240cMatch-

ciscohyperflex_hx240c_af_m5Match-

ciscohyperflex_hx240c_m5Match-

AND

ciscohyperflex_hx_data_platformRange<4.0\(2e\)

ciscohyperflex_hx_data_platformRange4.5–4.5\(2a\)

VendorProductVersionCPE
ciscohyperflex_hx220c_af_m5-cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_all_nvme_m5-cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_edge_m5-cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx220c_m5-cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c-cpe:2.3:h:cisco:hyperflex_hx240c:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c_af_m5-cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx240c_m5-cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:*:*:*:*:*:*:*
ciscohyperflex_hx_data_platform*cpe:2.3:o:cisco:hyperflex_hx_data_platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	hyperflex_hx220c_af_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_af_m5:-:::::::*
cisco	hyperflex_hx220c_all_nvme_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_all_nvme_m5:-:::::::*
cisco	hyperflex_hx220c_edge_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_edge_m5:-:::::::*
cisco	hyperflex_hx220c_m5	-	cpe:2.3:h:cisco:hyperflex_hx220c_m5:-:::::::*
cisco	hyperflex_hx240c	-	cpe:2.3:h:cisco:hyperflex_hx240c:-:::::::*
cisco	hyperflex_hx240c_af_m5	-	cpe:2.3:h:cisco:hyperflex_hx240c_af_m5:-:::::::*
cisco	hyperflex_hx240c_m5	-	cpe:2.3:h:cisco:hyperflex_hx240c_m5:-:::::::*
cisco	hyperflex_hx_data_platform	*	cpe:2.3:o:cisco:hyperflex_hx_data_platform::::::::

CNA Affected

[
  {
    "product": "Cisco HyperFlex HX Data Platform",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]