CVE-2022-20958
https://notcve.org/view.php?id=CVE-2022-20958
A vulnerability in the web-based management interface of the Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network.
• https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp
• CWE-36: Absolute Path Traversal
• CWE-918: Server-Side Request Forgery (SSRF)
CVE-2021-34786 – Cisco BroadWorks CommPilot Application Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34786
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N
• CWE-287: Improper Authentication
• CWE-620: Unverified Password Change
CVE-2021-34785 – Cisco BroadWorks CommPilot Application Software Vulnerabilities
https://notcve.org/view.php?id=CVE-2021-34785
Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-dJ9JT67N
• CWE-287: Improper Authentication
• CWE-620: Unverified Password Change