Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Cisco DNA Spaces Connector Command Injection Vulnerabilities
Vulnerability Description
Multiple vulnerabilities in Cisco DNA Spaces Connector could allow an authenticated, remote attacker to perform a command injection attack on an affected device. These vulnerabilities are due to insufficient input sanitization when executing affected commands. A high-privileged attacker could exploit these vulnerabilities on a Cisco DNA Spaces Connector by injecting crafted input during command execution. A successful exploit could allow the attacker to execute arbitrary commands as root within the Connector docker container.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Vulnerability Type
OS命令中使用的特殊元素转义处理不恰当(OS命令注入)
Vulnerability Title
Cisco DNA Spaces 命令注入漏洞
Vulnerability Description
Cisco DNA Spaces是美国思科(Cisco)公司的一套室内定位服务平台。 Cisco DNA Spaces Connector 2.0.519之前版本存在命令注入漏洞,该漏洞源于输入验证不当。攻击者可利用该漏洞目标系统上执行任意的操作系统命令。
CVSS Information
N/A
Vulnerability Type
N/A