.. / CVE-2021-1499

Exploit for Cisco HyperFlex HX Data Platform - Arbitrary File Upload (CVE-2021-1499)

Description:

Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user.

Nuclei Template

View the template here CVE-2021-1499.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-1499.yaml

References:

http://packetstormsecurity.com/files/163203/Cisco-HyperFlex-HX-Data-Platform-File-Upload-Remote-Code-Execution.html
https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
https://nvd.nist.gov/vuln/detail/CVE-2021-1499
https://github.com/Z0fhack/Goby_POC
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz

.. / CVE-2021-1499 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Cisco HyperFlex HX Data Platform - Arbitrary File Upload (CVE-2021-1499)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-1499