CVE-2021-1499 PoC — Cisco HyperFlex HX Data Platform 访问控制错误漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-1499.yaml

Associated Vulnerability

Title:Cisco HyperFlex HX Data Platform 访问控制错误漏洞 (CVE-2021-1499)
Description:Cisco HyperFlex HX Data Platform是美国思科（Cisco）公司的一个网络设备。提供企业级的敏捷性，可扩展性，安全性和生命周期管理功能。 Cisco HyperFlex HX Data Platform 存在访问控制错误漏洞，攻击者可利用该漏洞可以通过向受影响的设备发送特定的HTTP请求来利用这个漏洞，将文件上传到受影响的设备。

Description

Cisco HyperFlex HX Data Platform contains an arbitrary file upload vulnerability in the web-based management interface. An attacker can send a specific HTTP request to an affected device, thus enabling upload of files to the affected device with the permissions of the tomcat8 user.

File Snapshot


 id: CVE-2021-1499

info:
  name: Cisco HyperFlex HX Data Platform - Arbitrary File Upload
  author: 

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!