CVE-2021-1560 — Vulnetix

CVE-2021-1560 PUBLISHED CVSS 6.5 MEDIUM

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.

EPSS 2.97% · 86.8th percentile

Risk Scores

CVSS 3.1

6.5

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

EPSS Score

2.97%

86.8th percentile

Affected Products

Vendor	Product	Versions
cisco	dna_spaces\	_connector
Cisco	Cisco DNA Spaces Connector	n/a

Exploit Intelligence

20210519 Cisco DNA Spaces Connector Command Injection Vulnerabilities (circl)

Timeline

May 22, 2021 EPSS Score
May 22, 2021 CVE Published
Jul 24, 2021 EPSS Score
Nov 24, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Jan 25, 2022 EPSS Score
Mar 27, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 27, 2022 EPSS Score
Sep 28, 2022 EPSS Score
Nov 29, 2022 EPSS Score
Jan 29, 2023 EPSS Score

References

20210519 Cisco DNA Spaces Connector Command Injection Vulnerabilities vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2021-1560 advisory

Open in Interactive Console →