First published: Sat May 22 2021(Updated: )
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cisco Dna Spaces\ | <2.0.519 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID of this Cisco DNA Spaces Connector vulnerability is CVE-2021-1559.
The severity of CVE-2021-1559 is critical with a severity value of 7.2.
The affected software version of CVE-2021-1559 is Cisco DNA Spaces Connector up to version 2.0.519.
CVE-2021-1559 is a vulnerability in Cisco DNA Spaces Connector that allows an authenticated remote attacker to perform a command injection attack.
The vulnerability in Cisco DNA Spaces Connector can be exploited by an authenticated remote attacker through insufficient input sanitization when executing affected commands.