CVE-2019-15997
published 2019-11-26CVE-2019-15997: A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary…
PriorityP335medium6.7CVSS 3.1
AVLACLPRHUINSUCHIHAH
EPSS
0.73%
49.6th percentile
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_dna_spaces | >= unspecified < n/a | n/a |
| cisco | dna_spaces | < 2.0 | 2.0 |
| cisco | dna_spaces_connector | — | — |
CVSS provenance
nvdv3.16.7MEDIUMCVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv3.06.7MEDIUMCVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
vendor_cisco6.7MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wfmg-82gp-4v96: A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrar
ghsa_unreviewed·2022-05-24
CVE-2019-15997 [HIGH] CWE-20 GHSA-wfmg-82gp-4v96: A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrar
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.
Cisco
Cisco DNA Spaces: Connector Command Injection Vulnerability
vendor_cisco·2019-11-20·CVSS 6.7
CVE-2019-15997 [MEDIUM] CWE-20 Cisco DNA Spaces: Connector Command Injection Vulnerability
Cisco DNA Spaces: Connector Command Injection Vulnerability
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root.
The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.clouda
Cisco
Cisco DNA Spaces: Connector Command Injection Vulnerability
vendor_cisco·CVSS 3.0
CVE-2019-15997 Cisco DNA Spaces: Connector Command Injection Vulnerability
CVE-2019-15997: Cisco DNA Spaces: Connector Command Injection Vulnerability
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root . The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root . Cisco has released software updates that address this vulnerability. There are no
CVSS: 3.0
CWE: CWE-20, CWE-20
Bug IDs: CSCvp27714
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2019-11-26
Published