cbcvebase.
CVE-2021-1559
published 2021-05-22

CVE-2021-1559: Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected…

PriorityP350high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
2.72%
84.2th percentile
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.

Affected

3 ranges
VendorProductVersion rangeFixed in
ciscocisco_dna_spaces_connector
ciscodna_spaces< 2.0.5192.0.519
ciscodna_spaces_connector

CVSS provenance

nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco6.5MEDIUM
vendor_oracle5.9MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.