Lucene search

CiscoCVELIST:CVE-2021-1560

HistoryMay 22, 2021 - 6:40 a.m.

CVE-2021-1560 Cisco DNA Spaces Connector Command Injection Vulnerabilities

2021-05-2206:40:52

CWE-78

cisco

www.cve.org

cve-2021-1560

cisco dna spaces

command injection

authenticated attacker

input sanitization

high-privileged

docker container

arbitrary commands

root access

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

48.8%

JSON

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.

CNA Affected

[
  {
    "product": "Cisco DNA Spaces Connector",
    "vendor": "Cisco",
    "versions": [
      {
        "status": "affected",
        "version": "n/a"
      }
    ]
  }
]

References

tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-cmdinj-HOj4YV5n

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

7.8

Confidence

High

EPSS

0.001

Percentile

48.8%

JSON

Related for CVELIST:CVE-2021-1560