Lucene search

[email protected]NVD:CVE-2022-20958

HistoryNov 04, 2022 - 6:15 p.m.

CVE-2022-20958

2022-11-0418:15:11

CWE-918

CWE-36

[email protected]

web.nvd.nist.gov

cisco

broadworks

commpilot

vulnerability

unauthenticated attacker

server-side request forgery

http request.

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.0%

JSON

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network.

{{value}} [“%7b%7bvalue%7d%7d”])}]]

Affected configurations

Nvd

Node

ciscobroadworks_commpilot_applicationRange<23.0

VendorProductVersionCPE
ciscobroadworks_commpilot_application*cpe:2.3:a:cisco:broadworks_commpilot_application:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cisco	broadworks_commpilot_application	*	cpe:2.3:a:cisco:broadworks_commpilot_application::::::::

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

59.0%

JSON

Related for NVD:CVE-2022-20958

cve1 cvelist1 prion1 cisco1