ID
VAR-202105-0514
CVE
CVE-2021-1560
TITLE
Cisco DNA Spaces Connector In OS Command injection vulnerability
Trust: 0.8
sources:
JVNDB: JVNDB-2021-007187
DESCRIPTION
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Cisco DNA Spaces is an indoor positioning service platform of Cisco (Cisco)
Trust: 2.34
sources:
NVD: CVE-2021-1560 //
JVNDB: JVNDB-2021-007187 //
CNNVD: CNNVD-202104-975 //
VULHUB: VHN-374614 //
VULMON: CVE-2021-1560
AFFECTED PRODUCTS
| vendor: | cisco | model: | dna spaces\: connector | scope: | lt | version: | 2.0.519 | Trust: 1.0 |
| vendor: | シスコシステムズ | model: | cisco dna spaces: connector | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco dna spaces: connector | scope: | - | version: | - | Trust: 0.8 |
sources:
JVNDB: JVNDB-2021-007187 //
NVD: CVE-2021-1560
CVSS
SEVERITY | CVSSV2 | CVSSV3 | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
|
sources:
VULHUB: VHN-374614 //
JVNDB: JVNDB-2021-007187 //
CNNVD: CNNVD-202105-1297 //
CNNVD: CNNVD-202104-975 //
NVD: CVE-2021-1560 //
NVD: CVE-2021-1560
PROBLEMTYPE DATA
| problemtype: | CWE-77 | Trust: 1.1 |
| problemtype: | CWE-78 | Trust: 1.0 |
| problemtype: | OS Command injection (CWE-78) [NVD Evaluation ] | Trust: 0.8 |
sources:
VULHUB: VHN-374614 //
JVNDB: JVNDB-2021-007187 //
NVD: CVE-2021-1560
THREAT TYPE
remote
Trust: 0.6
sources:
CNNVD: CNNVD-202105-1297
TYPE
command injection
Trust: 0.6
sources:
CNNVD: CNNVD-202105-1297
PATCH
| title: | cisco-sa-dnasp-conn-cmdinj-HOj4YV5n | url: | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnasp-conn-cmdinj-HOj4YV5n | Trust: 0.8 |
| title: | Cisco Repair measures for operating system command injection vulnerabilities in many products | url: | http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152206 | Trust: 0.6 |
| title: | Cisco: Cisco DNA Spaces Connector Command Injection Vulnerabilities | url: | https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-dnasp-conn-cmdinj-HOj4YV5n | Trust: 0.1 |
sources:
VULMON: CVE-2021-1560 //
JVNDB: JVNDB-2021-007187 //
CNNVD: CNNVD-202105-1297
EXTERNAL IDS
| db: | NVD | id: | CVE-2021-1560 | Trust: 3.4 |
| db: | JVNDB | id: | JVNDB-2021-007187 | Trust: 0.8 |
| db: | CS-HELP | id: | SB2021052008 | Trust: 0.6 |
| db: | AUSCERT | id: | ESB-2021.1745 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202105-1297 | Trust: 0.6 |
| db: | CS-HELP | id: | SB2021041363 | Trust: 0.6 |
| db: | CNNVD | id: | CNNVD-202104-975 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-374614 | Trust: 0.1 |
| db: | VULMON | id: | CVE-2021-1560 | Trust: 0.1 |
sources:
VULHUB: VHN-374614 //
VULMON: CVE-2021-1560 //
JVNDB: JVNDB-2021-007187 //
CNNVD: CNNVD-202105-1297 //
CNNVD: CNNVD-202104-975 //
NVD: CVE-2021-1560
REFERENCES
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnasp-conn-cmdinj-hoj4yv5n | Trust: 1.9 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2021-1560 | Trust: 1.4 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021052008 | Trust: 0.6 |
| url: | https://www.auscert.org.au/bulletins/esb-2021.1745 | Trust: 0.6 |
| url: | https://www.cybersecurity-help.cz/vdb/sb2021041363 | Trust: 0.6 |
| url: | https://nvd.nist.gov | Trust: 0.1 |
sources:
VULHUB: VHN-374614 //
VULMON: CVE-2021-1560 //
JVNDB: JVNDB-2021-007187 //
CNNVD: CNNVD-202105-1297 //
CNNVD: CNNVD-202104-975 //
NVD: CVE-2021-1560
SOURCES
| db: | VULHUB | id: | VHN-374614 |
| db: | VULMON | id: | CVE-2021-1560 |
| db: | JVNDB | id: | JVNDB-2021-007187 |
| db: | CNNVD | id: | CNNVD-202105-1297 |
| db: | CNNVD | id: | CNNVD-202104-975 |
| db: | NVD | id: | CVE-2021-1560 |
LAST UPDATE DATE
2024-08-14T12:36:25.600000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-374614 | date: | 2022-04-26T00:00:00 |
| db: | VULMON | id: | CVE-2021-1560 | date: | 2021-05-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-007187 | date: | 2022-02-03T08:31:00 |
| db: | CNNVD | id: | CNNVD-202105-1297 | date: | 2022-04-27T00:00:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-14T00:00:00 |
| db: | NVD | id: | CVE-2021-1560 | date: | 2023-11-07T03:28:37.813 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-374614 | date: | 2021-05-22T00:00:00 |
| db: | VULMON | id: | CVE-2021-1560 | date: | 2021-05-22T00:00:00 |
| db: | JVNDB | id: | JVNDB-2021-007187 | date: | 2022-02-03T00:00:00 |
| db: | CNNVD | id: | CNNVD-202105-1297 | date: | 2021-05-20T00:00:00 |
| db: | CNNVD | id: | CNNVD-202104-975 | date: | 2021-04-13T00:00:00 |
| db: | NVD | id: | CVE-2021-1560 | date: | 2021-05-22T07:15:07.967 |