Cisco Spaces Connector Privilege Escalation Vulnerability

Vulnerability

A vulnerability exists in Cisco Spaces Connector that allows an authenticated, local attacker to elevate privileges and execute arbitrary commands on the underlying operating system as root. This issue arises from inadequate restrictions on certain CLI commands. An attacker could exploit this by logging into the Cisco Spaces Connector CLI as the spacesadmin user and executing a command with manipulated parameters. Successful exploitation would enable the attacker to gain root privileges and execute arbitrary commands on the operating system.

Impact

Exploitation of this vulnerability could lead to unauthorized privilege escalation, allowing an attacker to execute commands as the root user on the underlying operating system.

Remediation

Cisco has released a fixed version of Spaces Connector 3, available from June 2025. For upgrade instructions, consult the Cisco Security Vulnerability Policy or contact the Cisco Technical Assistance Center.

Added: Jul 2, 2025, 4:24 PM
Updated: Jul 2, 2025, 4:24 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 10.0
exploitability: 3.0
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.