Lucene search

[email protected]NVD:CVE-2022-20958

HistoryNov 04, 2022 - 6:15 p.m.

CVE-2022-20958

2022-11-0418:15:11

CWE-918

CWE-36

[email protected]

web.nvd.nist.gov

cisco

broadworks

commpilot

vulnerability

unauthenticated attacker

server-side request forgery

http request.

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

59.0%

JSON

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network.

{{value}} [“%7b%7bvalue%7d%7d”])}]]

Affected configurations

NVD

Node

ciscobroadworks_commpilot_applicationRange<23.0

References

sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.002 Low

EPSS

Percentile

59.0%

JSON

Related for NVD:CVE-2022-20958

cve1 prion1 cvelist1 cisco1