First published: Thu May 06 2021
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco HyperFlex HX Data Platform | <4.0(2e) | |
Cisco HyperFlex HX Data Platform | >=4.5, <4.5(2a) | |
Cisco Hyperflex Hx220c Af M5 | | |
Cisco Hyperflex Hx220c All Nvme M5 | | |
Cisco Hyperflex Hx220c Edge M5 | | |
Cisco Hyperflex Hx220c M5 | | |
Cisco Hyperflex Hx240c | | |
Cisco Hyperflex Hx240c Af M5 | | |
Cisco Hyperflex Hx240c M5 | | |
CVE-2021-1499 is a vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform that allows an unauthenticated, remote attacker to upload files to an affected device.
The severity of CVE-2021-1499 is medium, with a CVSS score of 5.3.
An attacker can exploit CVE-2021-1499 by taking advantage of the missing authentication for the upload function in the web-based management interface of Cisco HyperFlex HX Data Platform.
CVE-2021-1499 affects Cisco HyperFlex HX Data Platform versions up to and including 4.0(2e), and versions from 4.5 (inclusive) up to 4.5(2a) (exclusive).
To mitigate CVE-2021-1499, apply the updates provided by Cisco.