CVE-2021-1559
Published 2021-05-22
Priority P3 50 · high · 7.2 CVSS 3.1
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
EPSS: 2.72% (84.2th percentile)
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_dna_spaces_connector | — | — |
| cisco | dna_spaces | < 2.0.519 | 2.0.519 |
| cisco | dna_spaces_connector | — | — |
CVSS provenance
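| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.0 | CRITICAL | AV:N/AC:L/Au:S/C:C/I:C/A:C |
| vendor_cisco | — | 6.5 | MEDIUM | — |
| vendor_oracle | — | 5.9 | MEDIUM | — |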
Cisco
Cisco DNA Spaces Connector Command Injection Vulnerabilities
vendor_cisco·2021-05-19·CVSS 6.5
CVE-2021-1559 [MEDIUM] CWE-78 Cisco DNA Spaces Connector Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device.
These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.c
Oracle
Oracle Oracle Communications Risk Matrix: Security (OpenSSL) — CVE-2019-1559
vendor_oracle·2021-01-15·CVSS 5.9
CVE-2019-1559 [MEDIUM] Oracle Oracle Communications Risk Matrix: Security (OpenSSL) — CVE-2019-1559
Oracle Oracle Communications Risk Matrix: Security (OpenSSL) vulnerability
CVE: CVE-2019-1559
CVSS: 5.9
Protocol: HTTPS
Remote exploit: Yes
Affected versions: Network
Advisory: cpujan2021 (JAN 2021)
Cisco
Cisco DNA Spaces Connector Command Injection Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-1559 Cisco DNA Spaces Connector Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container. Cisco has released software updates that address these vulnerabilities. There are no
CVSS: 3.1
CWE: CWE-78, CWE-88
Bug IDs: CSCvx27097, CSCvx27099
GHSA
GHSA-cq84-m873-rx6r: Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affec
ghsa_unreviewed·2022-05-24
CVE-2021-1559 [HIGH] CWE-78 GHSA-cq84-m873-rx6r: Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affec
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-05-22