CVE-2019-15995 MEDIUM

CVE-2019-15995: Cisco DNA Spaces: Connector SQL Injection Vulnerability

Vendor Cisco

Product Cisco DNA Spaces

Weakness CWE-89 · SQLi

Published November 26, 2019

Last update November 21, 2024

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

A vulnerability in the web UI of Cisco DNA Spaces: Connector could allow an authenticated, remote attacker to execute arbitrary SQL queries. The vulnerability exists because the web UI does not properly validate user-supplied input. An attacker could exploit this vulnerability by entering malicious SQL statements in an affected field in the web UI. A successful exploit could allow the attacker to remove the SQL database, which would require the reinstallation of the Connector VM.

Key dates

02Disclosure timeline

November 26, 2019 CVE published

November 21, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-15995 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

CVE-2019-15995: Cisco DNA Spaces: Connector SQL Injection Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE