CVE-2025-20308
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N
Summary
A vulnerability in Cisco Spaces Connector could allow an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root.
This vulnerability is due to insufficient restrictions during the execution of specific CLI commands. An attacker could exploit this vulnerability by logging in to the Cisco Spaces Connector CLI as the spacesadmin user and executing a specific command with crafted parameters. A successful exploit could allow the attacker to elevate privileges from the spacesadmin user and execute arbitrary commands on the underlying operating system as root.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Cisco | Cisco DNA Spaces Connector | Connector 3 Jan 2023 | affected |
| Cisco | Cisco DNA Spaces Connector | Connector 3-May 2023 | affected |
| Cisco | Cisco DNA Spaces Connector | Connector 3-Jan 2024 | affected |
| Cisco | Cisco DNA Spaces Connector | Connector 3-Jun 2024 | affected |
| Cisco | Cisco DNA Spaces Connector | Connector 3-May 2024 | affected |
| Cisco | Cisco DNA Spaces Connector | Connector 3-Jul 2024 | affected |
| Cisco | Cisco DNA Spaces Connector | Connector 3-Jan 2025 | affected |
Weaknesses
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.