CVE-2019-15997

Name of the Vulnerable Software and Affected Versions Cisco DNA Spaces: Connector (affected versions not specified) Cisco Digital Network Architecture (DNA) Center (affected versions not specified)

Description The issue is related to insufficient validation of input data, which could allow an authenticated, local attacker to perform a command injection attack. This could enable the attacker to execute arbitrary commands on the underlying operating system as root. The vulnerability can be exploited by including malicious input during the execution of a specific command. A successful exploit could result in the attacker being able to execute arbitrary commands on the underlying operating system as root.

Recommendations For Cisco DNA Spaces: Connector, consider restricting access to the affected CLI command until a patch is available. For Cisco Digital Network Architecture (DNA) Center, restrict the execution of arbitrary code by limiting user privileges and validating user input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.