CVE-2019-15996 MEDIUM

CVE-2019-15996: Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

Vendor Cisco

Product Cisco DNA Spaces

Weakness CWE-264

Published November 26, 2019

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient restrictions during the execution of an affected CLI command. An attacker could exploit this vulnerability by leveraging the insufficient restrictions to modify sensitive files. A successful exploit could allow the attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.

Key dates

02Disclosure timeline

November 26, 2019 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-15996

Related vulnerabilities

CVE-2019-15996: Cisco DNA Spaces: Connector Privilege Escalation Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE