Search
Total
1192 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-33721 | 1 Siemens | 1 Sinec Network Management System | 2021-08-17 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2). The affected application incorrectly neutralizes special elements when creating batch operations which could lead to command injection. An authenticated remote attacker with administrative privileges could exploit this vulnerability to execute arbitrary code on the system with system privileges. | |||||
| CVE-2021-20074 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2021-08-17 | 9.0 HIGH | 8.8 HIGH |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows users to escape the provided command line interface and execute arbitrary OS commands. | |||||
| CVE-2021-21585 | 1 Dell | 1 Openmanage Enterprise | 2021-08-13 | 9.0 HIGH | 7.2 HIGH |
| Dell OpenManage Enterprise versions prior to 3.6.1 contain an OS command injection vulnerability in RACADM and IPMI tools. A remote authenticated malicious user with high privileges may potentially exploit this vulnerability to execute arbitrary OS commands. | |||||
| CVE-2021-26097 | 1 Fortinet | 1 Fortisandbox | 2021-08-10 | 6.5 MEDIUM | 8.8 HIGH |
| An improper neutralization of special elements used in an OS Command vulnerability in FortiSandbox 3.2.0 through 3.2.2, 3.1.0 through 3.1.4, and 3.0.0 through 3.0.6 may allow an authenticated attacker with access to the web GUI to execute unauthorized code or commands via specifically crafted HTTP requests. | |||||
| CVE-2019-14904 | 2 Debian, Redhat | 2 Debian Linux, Ansible | 2021-08-07 | 6.1 MEDIUM | 7.3 HIGH |
| A flaw was found in the solaris_zone module from the Ansible Community modules. When setting the name for the zone on the Solaris host, the zone name is checked by listing the process with the 'ps' bare command on the remote machine. An attacker could take advantage of this flaw by crafting the name of the zone and executing arbitrary commands in the remote host. Ansible Engine 2.7.15, 2.8.7, and 2.9.2 as well as previous versions are affected. | |||||
| CVE-2021-3198 | 1 Ivanti | 1 Mobileiron | 2021-08-02 | 9.0 HIGH | 7.2 HIGH |
| By abusing the 'install rpm url' command, an attacker can escape the restricted clish shell on affected versions of Ivanti MobileIron Core. This issue was fixed in version 11.1.0.0. | |||||
| CVE-2021-32751 | 1 Gradle | 1 Gradle | 2021-07-30 | 8.5 HIGH | 7.5 HIGH |
| Gradle is a build tool with a focus on build automation. In versions prior to 7.2, start scripts generated by the `application` plugin and the `gradlew` script are both vulnerable to arbitrary code execution when an attacker is able to change environment variables for the user running the script. This may impact those who use `gradlew` on Unix-like systems or use the scripts generated by Gradle in thieir application on Unix-like systems. For this vulnerability to be exploitable, an attacker needs to be able to set the value of particular environment variables and have those environment variables be seen by the vulnerable scripts. This issue has been patched in Gradle 7.2 by removing the use of `eval` and requiring the use of the `bash` shell. There are a few workarounds available. For CI/CD systems using the Gradle build tool, one may ensure that untrusted users are unable to change environment variables for the user that executes `gradlew`. If one is unable to upgrade to Gradle 7.2, one may generate a new `gradlew` script with Gradle 7.2 and use it for older versions of Gradle. Fpplications using start scripts generated by Gradle, one may ensure that untrusted users are unable to change environment variables for the user that executes the start script. A vulnerable start script could be manually patched to remove the use of `eval` or the use of environment variables that affect the application's command-line. If the application is simple enough, one may be able to avoid the use of the start scripts by running the application directly with Java command. | |||||
| CVE-2021-33532 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2021-07-27 | 9.0 HIGH | 8.8 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted diagnostic script file name can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2021-33530 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2021-07-27 | 9.0 HIGH | 8.8 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in encrypted diagnostic script functionality of the devices. A specially crafted diagnostic script file can cause arbitrary busybox commands to be executed, resulting in remote control over the device. An attacker can send diagnostic while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2021-33533 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2021-07-27 | 9.0 HIGH | 8.8 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the iw_webs functionality. A specially crafted iw_serverip parameter can cause user input to be reflected in a subsequent iw_system call, resulting in remote control over the device. An attacker can send commands while authenticated as a low privilege user to trigger this vulnerability. | |||||
| CVE-2019-20703 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20705 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2020-26118 | 1 Smartbear | 1 Collaborator | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system. | |||||
| CVE-2019-12430 | 1 Gitlab | 1 Gitlab | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| An issue was discovered in GitLab Community and Enterprise Edition 11.11. A specially crafted payload would allow an authenticated malicious user to execute commands remotely through the repository download feature. It allows Command Injection. | |||||
| CVE-2019-4713 | 1 Ibm | 2 Guardium Data Encryption, Guardium For Cloud Key Management | 2021-07-21 | 9.0 HIGH | 8.8 HIGH |
| IBM Security Guardium Data Encryption (GDE) 3.0.0.2 could allow a remote authenticated attacker to execute arbitrary commands on the system. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary commands on the system. IBM X-Force ID: 172084. | |||||
| CVE-2020-14441 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2020-14440 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2019-20711 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2020-14439 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2019-20707 | 1 Netgear | 4 R7800, R7800 Firmware, Xr500 and 1 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32. | |||||
| CVE-2020-14438 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2019-20709 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20706 | 1 Netgear | 4 R7800, R7800 Firmware, Xr500 and 1 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects R7800 before 1.0.2.60 and XR500 before 2.3.2.32. | |||||
| CVE-2020-14437 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2019-20701 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20761 | 1 Netgear | 2 R7800, R7800 Firmware | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| NETGEAR R7800 devices before 1.0.2.62 are affected by command injection by an authenticated user. | |||||
| CVE-2019-20702 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20708 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20710 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2019-20704 | 1 Netgear | 6 D3600, D3600 Firmware, D6000 and 3 more | 2021-07-21 | 5.2 MEDIUM | 8.0 HIGH |
| Certain NETGEAR devices are affected by command injection by an authenticated user. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, and XR500 before 2.3.2.32. | |||||
| CVE-2020-9242 | 1 Huawei | 1 Fusioncompute | 2021-07-21 | 6.5 MEDIUM | 8.8 HIGH |
| FusionCompute 8.0.0 have a command injection vulnerability. The software does not sufficiently validate certain parameters post from user, successful exploit could allow an authenticated attacker to launch a command injection attack. | |||||
| CVE-2020-14442 | 1 Netgear | 24 Rbk752, Rbk752 Firmware, Rbk753 and 21 more | 2021-07-21 | 5.8 MEDIUM | 8.8 HIGH |
| Certain NETGEAR devices are affected by command injection by an unauthenticated attacker. This affects RBK752 before 3.2.15.25, RBK753 before 3.2.15.25, RBK753S before 3.2.15.25, RBR750 before 3.2.15.25, RBS750 before 3.2.15.25, RBK842 before 3.2.15.25, RBR840 before 3.2.15.25, RBS840 before 3.2.15.25, RBK852 before 3.2.15.25, RBK853 before 3.2.15.25, RBR850 before 3.2.15.25, and RBS850 before 3.2.15.25. | |||||
| CVE-2021-20739 | 1 Elecom | 22 Wrc-300febk, Wrc-300febk Firmware, Wrc-733febk and 19 more | 2021-07-10 | 5.8 MEDIUM | 8.8 HIGH |
| WRC-300FEBK, WRC-F300NF, WRC-733FEBK, WRH-300RD, WRH-300BK, WRH-300SV, WRH-300WH, WRH-H300WH, WRH-H300BK, WRH-300BK-S, and WRH-300WH-S all versions allows an unauthenticated network-adjacent attacker to execute an arbitrary OS command via unspecified vectors. | |||||
| CVE-2021-33534 | 1 Weidmueller | 16 Ie-wl-bl-ap-cl-eu, Ie-wl-bl-ap-cl-eu Firmware, Ie-wl-bl-ap-cl-us and 13 more | 2021-07-08 | 9.0 HIGH | 7.2 HIGH |
| In Weidmueller Industrial WLAN devices in multiple versions an exploitable command injection vulnerability exists in the hostname functionality. A specially crafted entry to network configuration information can cause execution of arbitrary system commands, resulting in full control of the device. An attacker can send various requests while authenticated as a high privilege user to trigger this vulnerability. | |||||
| CVE-2018-15877 | 1 Plainview Activity Monitor Project | 1 Plainview Activity Monitor | 2021-07-07 | 9.0 HIGH | 8.8 HIGH |
| The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_monitor&tab=activity_tools request. | |||||
| CVE-2021-20740 | 2 Hitachi, Nec | 13 Virtual File Platform, Nas Gateway Nh4a, Nas Gateway Nh4a Firmware and 10 more | 2021-07-06 | 9.0 HIGH | 8.8 HIGH |
| Hitachi Virtual File Platform Versions prior to 5.5.3-09 and Versions prior to 6.4.3-09, and NEC Storage M Series NAS Gateway Nh4a/Nh8a versions prior to FOS 5.5.3-08(NEC2.5.4a) and Nh4b/Nh8b, Nh4c/Nh8c versions prior to FOS 6.4.3-08(NEC3.4.2) allow remote authenticated attackers to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2021-20745 | 1 Inkdrop | 1 Inkdrop | 2021-07-02 | 9.3 HIGH | 7.8 HIGH |
| Inkdrop versions prior to v5.3.1 allows an attacker to execute arbitrary OS commands on the system where it runs by loading a file or code snippet containing an invalid iframe into Inkdrop. | |||||
| CVE-2020-9478 | 1 Rubrik | 1 Cdm | 2021-07-01 | 9.0 HIGH | 8.8 HIGH |
| An issue was discovered in Rubrik 5.0.3-2296. An OS command injection vulnerability allows an authenticated attacker to remotely execute arbitrary code on Rubrik-managed systems. | |||||
| CVE-2021-31769 | 1 Myq-solution | 1 Myq Server | 2021-06-28 | 9.0 HIGH | 8.8 HIGH |
| MyQ Server in MyQ X Smart before 8.2 allows remote code execution by unprivileged users because administrative session data can be read in the %PROGRAMFILES%\MyQ\PHP\Sessions directory. The "Select server file" feature is only intended for administrators but actually does not require authorization. An attacker can inject arbitrary OS commands (such as commands to create new .php files) via the Task Scheduler component. | |||||
| CVE-2020-15778 | 3 Broadcom, Netapp, Openbsd | 10 Fabric Operating System, A700s, A700s Firmware and 7 more | 2021-06-22 | 6.8 MEDIUM | 7.8 HIGH |
| ** DISPUTED ** scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." | |||||
| CVE-2021-33358 | 1 Raspap | 1 Raspap | 2021-06-21 | 9.0 HIGH | 8.8 HIGH |
| Multiple vulnerabilities exist in RaspAP 2.3 to 2.6.5 in the "interface", "ssid" and "wpa_passphrase" POST parameters in /hostapd, when the parameter values contain special characters such as ";" or "$()" which enables an authenticated attacker to execute arbitrary OS commands. | |||||
| CVE-2021-20731 | 1 Buffalo | 4 Wsr-1166dhp3, Wsr-1166dhp3 Firmware, Wsr-1166dhp4 and 1 more | 2021-06-16 | 8.3 HIGH | 8.8 HIGH |
| WSR-1166DHP3 firmware Ver.1.16 and prior and WSR-1166DHP4 firmware Ver.1.02 and prior allow an attacker to execute arbitrary OS commands with root privileges via unspecified vectors. | |||||
| CVE-2021-1538 | 1 Cisco | 1 Common Services Platform Collector | 2021-06-14 | 9.0 HIGH | 7.2 HIGH |
| A vulnerability in the configuration dashboard of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to execute arbitrary code. This vulnerability is due to insufficient sanitization of configuration entries. An attacker could exploit this vulnerability by logging in as a super admin and entering crafted input to configuration options on the CSPC configuration dashboard. A successful exploit could allow the attacker to execute remote code as root. | |||||
| CVE-2021-28812 | 1 Qnap | 4 Qts, Quts Hero, Qutscloud and 1 more | 2021-06-11 | 6.5 MEDIUM | 8.8 HIGH |
| A command injection vulnerability has been reported to affect certain versions of Video Station. If exploited, this vulnerability allows remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. Video Station versions prior to 5.5.4 on QTS 4.5.2; versions prior to 5.5.4 on QuTS hero h4.5.2; versions prior to 5.5.4 on QuTScloud c4.5.4. This issue does not affect: QNAP Systems Inc. Video Station on QTS 4.3.6; on QTS 4.3.3. | |||||
| CVE-2021-22123 | 1 Fortinet | 1 Fortiweb | 2021-06-10 | 9.0 HIGH | 8.8 HIGH |
| An OS command injection vulnerability in FortiWeb's management interface 6.3.7 and below, 6.2.3 and below, 6.1.x, 6.0.x, 5.9.x may allow a remote authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page. | |||||
| CVE-2021-20026 | 1 Sonicwall | 1 Network Security Manager | 2021-06-08 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions. | |||||
| CVE-2020-36243 | 1 Open-emr | 1 Openemr | 2021-06-01 | 9.0 HIGH | 8.8 HIGH |
| The Patient Portal of OpenEMR 5.0.2.1 is affected by a Command Injection vulnerability in /interface/main/backup.php. To exploit the vulnerability, an authenticated attacker can send a POST request that executes arbitrary OS commands via shell metacharacters. | |||||
| CVE-2021-33525 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-05-27 | 9.0 HIGH | 8.8 HIGH |
| EyesOfNetwork eonweb through 5.3-11 allows Remote Command Execution (by authenticated users) via shell metacharacters in the nagios_path parameter to lilac/export.php, as demonstrated by %26%26+curl to insert an "&& curl" substring for the shell. | |||||
| CVE-2021-1487 | 1 Cisco | 2 Evolved Programmable Network Manager, Prime Infrastructure | 2021-05-27 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Evolved Programmable Network (EPN) Manager could allow an authenticated, remote attacker to execute arbitrary commands on an affected system. The vulnerability is due to insufficient validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the interface. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system (OS) with the permissions of a special non-root user. In this way, an attacker could take control of the affected system, which would allow them to obtain and alter sensitive data. The attacker could also affect the devices that are managed by the affected system by pushing arbitrary configuration files, retrieving device credentials and confidential information, and ultimately undermining the stability of the devices, causing a denial of service (DoS) condition. | |||||
| CVE-2021-1559 | 1 Cisco | 1 Dna Spaces\ | 2021-05-27 | 9.0 HIGH | 7.2 HIGH |
| Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container. | |||||