MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2021-1499

CVSS 5.3v3.1pub. 2021-05-06upd. 2024-11-21

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
  • Cisco Hyperflex Hx220c Af M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c All Nvme M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c Edge M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx220c M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c Af M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx240c M5

    HW
    Cisco
    wszystkie wersje
  • Cisco Hyperflex Hx Data Platform

    OS
    Cisco
    4.5 – 4.5\(2a\) (bez)< 4.0\(2e\)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2021-1497CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2021-1498CRITICAL9.8⚠ KEVten sam produkt

Multiple vulnerabilities in the web-based management interface of Cisco HyperFlex HX could allow an unauthenti...

CVE-2019-12621HIGH7.4ten sam produkt

A vulnerability in Cisco HyperFlex Software could allow an unauthenticated, remote attacker to perform a man-i...

CVE-2019-1958HIGH8.8ten sam produkt

A vulnerability in the web-based management interface of Cisco HyperFlex Software could allow an unauthenticat...

CVE-2019-1664HIGH7.8ten sam produkt

A vulnerability in the hxterm service of Cisco HyperFlex Software could allow an unauthenticated, local attack...