First published: Sat May 22 2021(Updated: )
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. These vulnerabilities are due to insufficient restrictions during the execution of affected CLI commands. An attacker could exploit these vulnerabilities by leveraging the insufficient restrictions during execution of these commands. A successful exploit could allow the attacker to elevate privileges from dnasadmin and execute arbitrary commands on the underlying operating system as root.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Dna Spaces\ | <2.3.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-1557 is a vulnerability in Cisco DNA Spaces Connector that allows an authenticated local attacker to elevate privileges and execute arbitrary commands as root.
CVE-2021-1557 has a severity rating of 6.7, which is considered high.
The affected software for CVE-2021-1557 is Cisco DNA Spaces Connector up to version 2.3.1.
The Common Weakness Enumeration (CWE) ID for CVE-2021-1557 is CWE-78.
To fix CVE-2021-1557, it is recommended to update Cisco DNA Spaces Connector to a version beyond 2.3.1.