ID

VAR-202105-0513


CVE

CVE-2021-1559


TITLE

OS command injection vulnerability in Cisco DNA Spaces Connector

Trust: 0.8

sources: JVNDB: JVNDB-2021-007186

DESCRIPTION

Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector Docker container. Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements. Cisco DNA Spaces is Cisco's indoor positioning service platform.

Trust: 2.34

sources: NVD: CVE-2021-1559 // JVNDB: JVNDB-2021-007186 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-374613 // VULMON: CVE-2021-1559

AFFECTED PRODUCTS

vendor: cisco, model: dna spaces\: connector, scope: lt, version: 2.0.519

Trust: 1.0

vendor: シスコシステムズ, model: cisco dna spaces: connector, scope: eq, version: -

Trust: 0.8

vendor: シスコシステムズ, model: cisco dna spaces: connector, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-007186 // NVD: CVE-2021-1559

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1559
value: HIGH

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1559
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-1559
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1298
value: HIGH

Trust: 0.6

VULHUB: VHN-374613
value: HIGH

Trust: 0.1

VULMON: CVE-2021-1559
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2021-1559
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-374613
severity: HIGH
baseScore: 9.0
vectorString: AV:N/AC:L/AU:S/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1559
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.2
impactScore: 5.9
version: 3.1

Trust: 1.0

ykramarz@cisco.com: CVE-2021-1559
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: NONE
exploitabilityScore: 1.2
impactScore: 5.2
version: 3.1

Trust: 1.0

NVD: CVE-2021-1559
baseSeverity: HIGH
baseScore: 7.2
vectorString: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: HIGH
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-374613 // VULMON: CVE-2021-1559 // JVNDB: JVNDB-2021-007186 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1298 // NVD: CVE-2021-1559 // NVD: CVE-2021-1559

PROBLEMTYPE DATA

problemtype:CWE-78

Trust: 1.1

problemtype:OS Command injection (CWE-78) [ Other ]

Trust: 0.8

sources: VULHUB: VHN-374613 // JVNDB: JVNDB-2021-007186 // NVD: CVE-2021-1559

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202105-1298

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: cisco-sa-dnasp-conn-cmdinj-HOj4YV5n, url: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-cmdinj-HOj4YV5n

Trust: 0.8

title: Cisco DNA Spaces Connector Fixes for operating system command injection vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152207

Trust: 0.6

title: Cisco: Cisco DNA Spaces Connector Command Injection Vulnerabilities, url: https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dnasp-conn-cmdinj-HOj4YV5n

Trust: 0.1

sources: VULMON: CVE-2021-1559 // JVNDB: JVNDB-2021-007186 // CNNVD: CNNVD-202105-1298

EXTERNAL IDS

db: NVD, id: CVE-2021-1559

Trust: 3.4

db: JVNDB, id: JVNDB-2021-007186

Trust: 0.8

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: AUSCERT, id: ESB-2021.1745

Trust: 0.6

db: CS-HELP, id: SB2021052008

Trust: 0.6

db: CNNVD, id: CNNVD-202105-1298

Trust: 0.6

db: VULHUB, id: VHN-374613

Trust: 0.1

db: VULMON, id: CVE-2021-1559

Trust: 0.1

sources: VULHUB: VHN-374613 // VULMON: CVE-2021-1559 // JVNDB: JVNDB-2021-007186 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1298 // NVD: CVE-2021-1559

REFERENCES

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnasp-conn-cmdinj-hoj4yv5n

Trust: 1.9

url:https://nvd.nist.gov/vuln/detail/cve-2021-1559

Trust: 0.8

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052008

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1745

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/78.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-374613 // VULMON: CVE-2021-1559 // JVNDB: JVNDB-2021-007186 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1298 // NVD: CVE-2021-1559

SOURCES

db: VULHUB, id: VHN-374613
db: VULMON, id: CVE-2021-1559
db: JVNDB, id: JVNDB-2021-007186
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202105-1298
db: NVD, id: CVE-2021-1559

LAST UPDATE DATE

2024-08-14T12:59:05.953000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-374613, date: 2021-05-27T00:00:00
db: VULMON, id: CVE-2021-1559, date: 2021-05-27T00:00:00
db: JVNDB, id: JVNDB-2021-007186, date: 2022-02-03T08:31:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202105-1298, date: 2021-05-28T00:00:00
db: NVD, id: CVE-2021-1559, date: 2023-11-07T03:28:37.633

SOURCES RELEASE DATE

db: VULHUB, id: VHN-374613, date: 2021-05-22T00:00:00
db: VULMON, id: CVE-2021-1559, date: 2021-05-22T00:00:00
db: JVNDB, id: JVNDB-2021-007186, date: 2022-02-03T00:00:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202105-1298, date: 2021-05-20T00:00:00
db: NVD, id: CVE-2021-1559, date: 2021-05-22T07:15:07.927