CVE-2021-1499
PUBLISHED
KEV
CVSS 5.3 MEDIUM
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload files to the affected device with the permissions of the tomcat8 user.
EPSS 92.86% · 99.8th percentile
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
EPSS Score
92.86%
99.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Cisco | Cisco HyperFlex HX Data Platform | * |
| cisco | hyperflex_hx_data_platform | 0, 4.5 |
Exploit Intelligence
- http://packetstormsecurity.com/files/163203/Cisco-HyperFlex-HX-Data-Platform-File-Upload-Remote-Code-Execution.html (nist-nvd)
- CIRCL seen: CVE-2021-1499 (circl-sighting)
- CIRCL confirmed: CVE-2021-1499 (circl-sighting)
- 20210505 Cisco HyperFlex HX Data Platform File Upload Vulnerability (circl)
- ET EXPLOIT Cisco HyperFlex HX Data Platform Pre-Auth RCE Inbound (CVE-2021-1499) (emergingthreats)
- Cisco HyperFlex HX Data Platform File Upload / Remote Code Execution Exploit (0day-today)
…and 8 more exploits
Timeline
- Apr 13, 2021 CVE Published
- May 7, 2021 EPSS Score
- Jun 17, 2021 PoC Published
- Jun 17, 2021 PoC Published
- Jun 24, 2021 EPSS Score
- Jul 10, 2021 EPSS Score
- Sep 7, 2021 PoC Published
- Sep 14, 2021 EPSS Score
- Nov 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 27, 2022 EPSS Score