CVE-2022-20958
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network.
{{value}} ["%7b%7bvalue%7d%7d"])}]]
Una vulnerabilidad en la interfaz de administración basada en web de la aplicación Cisco BroadWorks CommPilot podría permitir que un atacante remoto no autenticado realice un ataque de Server-Side Request Forgery (SSRF) en un dispositivo afectado. Esta vulnerabilidad se debe a una validación insuficiente de la entrada proporcionada por el usuario. Un atacante podría aprovechar esta vulnerabilidad enviando una solicitud HTTP manipulada a la interfaz web. Un exploit exitoso podría permitir al atacante obtener información confidencial del servidor BroadWorks y de otros dispositivos de la red. {{value}} ["%7b%7bvalue%7d%7d"])}]]
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-11-02 CVE Reserved
- 2022-11-03 CVE Published
- 2024-06-10 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-36: Absolute Path Traversal
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (1)
URL | Tag | Source |
---|---|---|
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Cisco Search vendor "Cisco" | Broadworks Commpilot Application Search vendor "Cisco" for product "Broadworks Commpilot Application" | < 23.0 Search vendor "Cisco" for product "Broadworks Commpilot Application" and version " < 23.0" | - |
Affected
|