CVE-2019-15997

A vulnerability in Cisco DNA Spaces: Connector could allow an authenticated, local attacker to perform a command injection attack and execute arbitrary commands on the underlying operating system as root. The vulnerability is due to insufficient validation of arguments passed to a specific CLI command. An attacker could exploit this vulnerability by including malicious input during the execution of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system as root.

Severity	MEDIUM
CVSS	6.7
EPSS	0.16% EPSS low
CWE	CWE-20
KEV
Published	6 years ago
Modified	1 year ago

Public Affected Products

Product	Advisory	Evidence
Cisco DNA Spaces	cisco-sa-20191120-dna-cmd-injection	Cisco CSAF · structured affected
Cisco DNA Spaces Connector	cisco-sa-20191120-dna-cmd-injection	Cisco CSAF · structured affected