CVE-2019-15996

Name of the Vulnerable Software and Affected Versions Cisco DNA Spaces: Connector (affected versions not specified) Cisco Digital Network Architecture (DNA) Center (affected versions not specified)

Description The issue is related to insufficient restrictions during the execution of a CLI command, allowing an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This could be achieved by modifying sensitive files, leveraging the insufficient restrictions. A successful exploit could result in the attacker gaining the ability to execute arbitrary commands on the system.

Recommendations For Cisco DNA Spaces: Connector, consider restricting access to the affected CLI command until a fix is available. For Cisco Digital Network Architecture (DNA) Center, restrict privilege management to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.