Server-Side Request Forgery Vulnerability in Cisco BroadWorks CommPilot Application
CVE-2022-20958

8.3HIGH

Key Information:

Vendor: Cisco
Status: Cisco Broadworks
Vendor: CVE Published:; 4 November 2022

Badges

👾 Exploit Exists

Summary

A vulnerability exists within the web-based management interface of the Cisco BroadWorks CommPilot application that could allow unauthenticated remote attackers to conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability arises from the inadequate validation of user-provided input. By crafting a malicious HTTP request targeted at the web interface, an attacker may exploit this issue, leading to the potential exposure of sensitive information stored on the BroadWorks server and other devices within the network. For detailed information, refer to the Cisco advisory.

Affected Version(s)

Cisco BroadWorks 24.0 ap375672

Cisco BroadWorks 24.0 ap375655

Cisco BroadWorks 24.0 ap376979

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Aug 3, 2024
Vulnerability published
Nov 4, 2022
Vulnerability Reserved
Nov 2, 2021