Server-Side Request Forgery Vulnerability in Cisco BroadWorks CommPilot Application
CVE-2022-20951

7.7HIGH

Key Information:

Vendor: Cisco
Status: Cisco Broadworks
Vendor: CVE Published:; 4 November 2022

Badges

👾 Exploit Exists

What is CVE-2022-20951?

A vulnerability in the web-based management interface of Cisco's BroadWorks CommPilot application allows authenticated, remote attackers to execute a server-side request forgery (SSRF) attack. This vulnerability stems from inadequate validation of user-provided input. An attacker can exploit this weakness by sending a specially crafted HTTP request to the web interface, potentially gaining access to confidential information from the BroadWorks server and other devices on the network.

Affected Version(s)

Cisco BroadWorks 24.0 ap375672

Cisco BroadWorks 24.0 ap375655

Cisco BroadWorks 24.0 ap376979

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Nov 4, 2022
Vulnerability Reserved
Nov 2, 2021