Описание
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
Уязвимые конфигурации
EPSS
6.5 Medium
CVSS3
7.2 High
CVSS3
9 Critical
CVSS2
Дефекты
Связанные уязвимости
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
Уязвимость приложения сбора и агрегации данных из контроллеров и точек доступа Cisco DNA Spaces Connector, связанная с непринятием мер по нейтрализации специальных элементов, используемых в командах операционной системы, позволяющая нарушителю выполнять произвольные команды с привилегиями root
EPSS
6.5 Medium
CVSS3
7.2 High
CVSS3
9 Critical
CVSS2