CVE-2019-15996
published 2019-11-26CVE-2019-15996: A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the…
PriorityP335medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.52%
40.1th percentile
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_dna_spaces | >= unspecified < n/a | n/a |
| cisco | dna_spaces | < 2.1 | 2.1 |
| cisco | dna_spaces_connector | — | — |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv3.06.7MEDIUMCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco6.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-4gg2-9pqf-2qqx: A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on th
ghsa_unreviewed·2022-05-24
CVE-2019-15996 [HIGH] GHSA-4gg2-9pqf-2qqx: A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on th
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.
Cisco
Cisco DNA Spaces: Connector Privilege Escalation Vulnerability
vendor_cisco·2019-11-20·CVSS 6.7
CVE-2019-15996 [MEDIUM] CWE-264 Cisco DNA Spaces: Connector Privilege Escalation Vulnerability
Cisco DNA Spaces: Connector Privilege Escalation Vulnerability
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.
The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://
Cisco
Cisco DNA Spaces: Connector Privilege Escalation Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-15996 Cisco DNA Spaces: Connector Privilege Escalation Vulnerability
CVE-2019-15996: Cisco DNA Spaces: Connector Privilege Escalation Vulnerability
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root . The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root . Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-264, CWE-264
Bug IDs: CSCvp27683
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-11-26
Published