CVE-2019-15997 MEDIUM

CVE-2019-15997: Cisco DNA Spaces: Connector Command Injection Vulnerability

Vendor Cisco

Product Cisco DNA Spaces

Weakness CWE-20 · Input validation

Published November 26, 2019

Last update November 20, 2024

View on NVD All CVEs

CVSS base score

6.7/10

Attack vector Local

Attack complexity Low

Privileges required High

User interaction None

Confidentiality High

Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.

Key dates

02Disclosure timeline

November 26, 2019 CVE published

November 20, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-15997 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/20.html

Related vulnerabilities

CVE-2019-15997: Cisco DNA Spaces: Connector Command Injection Vulnerability

01Description

02Disclosure timeline

03References

04Related CVE