CVE-2019-15995
Published: 2019-11-26
CVE-2019-15995: A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability…
Priority: P3 · 38 · medium · 6.5 · CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS: 1.15% (62.9th percentile)
A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicious SQL statements in an affected field in the web UI. A successful exploit could allow the attacker to remove the SQL database, which would require the reinstallation of the Connector VM.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_dna_spaces | >= unspecified < n/a | n/a |
| cisco | dna_spaces | < 2.0 | 2.0 |
| cisco | dna_spaces_connector | — | — |
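CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| nvd | v3.0 | 6.5 | MEDIUM | CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
| vendor_cisco | | 6.5 | MEDIUM | |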
Cisco
Cisco DNA Spaces: Connector SQL Injection Vulnerability
vendor_cisco·2019-11-20·CVSS 6.5
CVE-2019-15995 [MEDIUM] CWE-89 Cisco DNA Spaces: Connector SQL Injection Vulnerability
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cis
Cisco
Cisco DNA Spaces: Connector SQL Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-15995 Cisco DNA Spaces: Connector SQL Injection Vulnerability
CVSS: 3.0
CWE: CWE-89
Bug IDs: CSCvo26599
GHSA
GHSA-cq99-vcvg-2ff7: A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries
ghsa_unreviewed·2022-05-24
CVE-2019-15995 [MEDIUM] CWE-89 GHSA-cq99-vcvg-2ff7: A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2019-11-26