← volver
CVE-2019-15997

Cisco DNA Spaces: Connector Command Injection Vulnerability

CVSS 6.7 MEDIUMEPSS 0.7%CWE-20
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 6.7EPSS 0.7%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
26 nov 2019Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.
CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Cisco · Cisco DNA Spaces