CVE-2021-1499

moderate-risk
Published 2021-05-06

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.

Do I need to act?

!
92.9% chance of exploitation in next 30 days
EPSS score — higher than 7% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.3/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Cisco

References (4)

Exploit http://packetstormsecurity.com/files/163203/Cisco-HyperFlex-HX-Data-Platform-Fil...
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-h...
Exploit http://packetstormsecurity.com/files/163203/Cisco-HyperFlex-HX-Data-Platform-Fil...
Vendor Advisory https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-h...
46
/ 100
moderate-risk
Severity 21/34 · High
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal