Lucene search
+L
CiscoDna Spaces: Connector

9 matches found

CVE
CVE
added 2021/12/10 12:0 a.m.6922 views

CVE-2021-44228

CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...

10CVSS10AI score0.99999EPSS
In wild
CVE
CVE
added 2019/11/26 3:41 a.m.94 views

CVE-2019-15997

CVE-2019-15997 affects Cisco DNA Spaces: Connector. The advisory and multiple sources describe a local command-injection vulnerability caused by insufficient validation of CLI command arguments. An authenticated, local attacker could supply malicious input during command execution and gain arbitr...

7.2CVSS7AI score0.00729EPSS
CVE
CVE
added 2021/05/22 6:40 a.m.92 views

CVE-2021-1559

CVE-2021-1559 describes multiple command-injection vulnerabilities in Cisco DNA Spaces Connector. The root cause, per sources, is insufficient input sanitization during command execution, enabling an authenticated, remote attacker to run arbitrary OS commands as root inside the Connector Docker c...

9CVSS7.4AI score0.02716EPSS
CVE
CVE
added 2019/11/26 3:41 a.m.91 views

CVE-2019-15996

CVE-2019-15996 : Cisco DNA Spaces: Connector contains a local privilege-escalation vulnerability. An authenticated, local attacker can exploit insufficient restrictions when executing an affected CLI command to elevate privileges and run arbitrary commands as root, potentially modifying sensitive...

7.2CVSS6.7AI score0.00518EPSS
CVE
CVE
added 2021/05/22 6:40 a.m.89 views

CVE-2021-1560

CVE-2021-1560 describes command injection vulnerabilities in Cisco DNA Spaces Connector due to insufficient input sanitization during command execution. An authenticated, remote attacker could inject crafted input to run arbitrary commands as root inside the Connector docker container, as stated ...

9CVSS7.4AI score0.02716EPSS
CVE
CVE
added 2021/05/22 6:40 a.m.85 views

CVE-2021-1557

Cisco DNA Spaces Connector contains OS command injection and privilege-escalation vulnerabilities for versions prior to 2.3.1. An authenticated, local attacker could exploit insufficient restrictions during execution of CLI commands to elevate privileges to root and execute arbitrary commands on ...

7.2CVSS6.7AI score0.00325EPSS
CVE
CVE
added 2019/11/26 3:41 a.m.84 views

CVE-2019-15995

Cisco DNA Spaces: Connector is affected by a SQL injection in the web UI. The vulnerability allows an authenticated, remote attacker to execute arbitrary SQL queries due to improper input validation, potentially removing the SQL database and forcing a Connector VM reinstallation. Multiple sources...

6.5CVSS6.9AI score0.0115EPSS
CVE
CVE
added 2021/05/22 6:40 a.m.77 views

CVE-2021-1558

Cisco DNA Spaces Connector contains privilege-escalation and OS command-injection vulnerabilities. The root cause is insufficient restrictions during the execution of affected CLI commands, allowing an authenticated local attacker (from the dnasadmin context) to elevate privileges to root and exe...

7.2CVSS6.7AI score0.00325EPSS
CVE
CVE
added 2020/11/18 5:41 p.m.66 views

CVE-2020-3586

Cisco DNA Spaces Connector exposes a vulnerability in its web-based management interface that allows unauthenticated remote command execution due to insufficient input validation. A crafted HTTP request can run arbitrary OS commands with the web app’s privileges, potentially impacting integrity a...

10CVSS9.9AI score0.02451EPSS