CVE-2021-1560
Cisco DNA Spaces Connector Command Injection Vulnerabilities
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 6.5EPSS 2.7%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Lifecycle
22 May 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Affected products
Cisco · Cisco DNA Spaces ConnectorWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →