CVE-2021-1560
published 2021-05-22CVE-2021-1560: Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected…
PriorityP350high7.2CVSS 3.1
AVNACLPRHUINSUCHIHAH
EPSS
2.72%
84.2th percentile
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | cisco_dna_spaces_connector | — | — |
| cisco | dna_spaces | < 2.0.519 | 2.0.519 |
| cisco | dna_spaces_connector | — | — |
CVSS provenance
nvdv3.17.2HIGHCVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvdv2.09.0CRITICALAV:N/AC:L/Au:S/C:C/I:C/A:C
vendor_cisco6.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-wc9r-v7x6-6jjq: Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affec
ghsa_unreviewed·2022-05-24
CVE-2021-1560 [HIGH] CWE-77 GHSA-wc9r-v7x6-6jjq: Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affec
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
Cisco
Cisco DNA Spaces Connector Command Injection Vulnerabilities
vendor_cisco·2021-05-19·CVSS 6.5
CVE-2021-1559 [MEDIUM] CWE-78 Cisco DNA Spaces Connector Command Injection Vulnerabilities
Cisco DNA Spaces Connector Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device.
These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link:https://sec.cloudapps.c
Cisco
Cisco DNA Spaces Connector Command Injection Vulnerabilities
vendor_cisco·CVSS 3.1
CVE-2021-1560 Cisco DNA Spaces Connector Command Injection Vulnerabilities
CVE-2021-1560: Cisco DNA Spaces Connector Command Injection Vulnerabilities
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container. Cisco has released software updates that address these vulnerabilities. There are no
CVSS: 3.1
CWE: CWE-78, CWE-88, CWE-78, CWE-88
Bug IDs: CSCvx27097, CSCvx27099
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2021-05-22
Published