5.3

CVE-2021-1499

Exploit
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
Data is provided by the National Vulnerability Database (NVD)
Cisco Hyperflex Hx Data Platform Version < 4.0(2e)
   Cisco Hyperflex Hx220c Af M5 Version -
   Cisco Hyperflex Hx220c All Nvme M5 Version -
   Cisco Hyperflex Hx220c Edge M5 Version -
   Cisco Hyperflex Hx220c M5 Version -
   Cisco Hyperflex Hx240c Version -
   Cisco Hyperflex Hx240c Af M5 Version -
   Cisco Hyperflex Hx240c M5 Version -
Cisco Hyperflex Hx Data Platform Version >= 4.5 < 4.5(2a)
   Cisco Hyperflex Hx220c Af M5 Version -
   Cisco Hyperflex Hx220c All Nvme M5 Version -
   Cisco Hyperflex Hx220c Edge M5 Version -
   Cisco Hyperflex Hx220c M5 Version -
   Cisco Hyperflex Hx240c Version -
   Cisco Hyperflex Hx240c Af M5 Version -
   Cisco Hyperflex Hx240c M5 Version -
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics

| Type | Source | Score | Percentile |
|------|--------|-------|------------|
| EPSS | FIRST.org | 91.97% | 0.997 |
CVSS Metrics

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|--------|------------|---------------|--------------|---------------|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
| nvd@nist.gov | 5 | 10 | 2.9 | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| psirt@cisco.com | 5.3 | 3.9 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.