ID
VAR-202211-0677
CVE
CVE-2022-20951
TITLE
Cisco Systems Cisco BroadWorks Messaging Server Server-side request forgery vulnerability in
Trust: 0.8
DESCRIPTION
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]] . Cisco Systems Cisco BroadWorks Messaging Server Contains a server-side request forgery vulnerability.Information may be obtained
Trust: 1.71
AFFECTED PRODUCTS
| vendor: | cisco | model: | broadworks messaging server | scope: | lt | version: | 23.0 | Trust: 1.0 |
| vendor: | シスコシステムズ | model: | cisco broadworks messaging server | scope: | eq | version: | - | Trust: 0.8 |
| vendor: | シスコシステムズ | model: | cisco broadworks messaging server | scope: | eq | version: | 23.0 | Trust: 0.8 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|
PROBLEMTYPE DATA
| problemtype: | CWE-918 | Trust: 1.1 |
| problemtype: | Server-side request forgery (CWE-918) [NVD evaluation ] | Trust: 0.8 |
THREAT TYPE
remote
Trust: 0.6
TYPE
code problem
Trust: 0.6
CONFIGURATIONS
PATCH
| title: | cisco-sa-broadworks-ssrf-BJeQfpp | url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-broadworks-ssrf-bjeqfpp | Trust: 0.8 |
| title: | Cisco BroadWorks CommPilot Fixes for code issue vulnerabilities | url: | http://123.124.177.30/web/xxk/bdxqbyid.tag?id=213288 | Trust: 0.6 |
EXTERNAL IDS
| db: | NVD | id: | CVE-2022-20951 | Trust: 3.3 |
| db: | JVNDB | id: | JVNDB-2022-022870 | Trust: 0.8 |
| db: | CNNVD | id: | CNNVD-202211-2103 | Trust: 0.6 |
| db: | VULHUB | id: | VHN-405504 | Trust: 0.1 |
REFERENCES
| url: | https://sec.cloudapps.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-broadworks-ssrf-bjeqfpp | Trust: 1.0 |
| url: | https://nvd.nist.gov/vuln/detail/cve-2022-20951 | Trust: 0.8 |
| url: | https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-broadworks-ssrf-bjeqfpp | Trust: 0.7 |
| url: | https://cxsecurity.com/cveshow/cve-2022-20951/ | Trust: 0.6 |
SOURCES
| db: | VULHUB | id: | VHN-405504 |
| db: | JVNDB | id: | JVNDB-2022-022870 |
| db: | CNNVD | id: | CNNVD-202211-2103 |
| db: | NVD | id: | CVE-2022-20951 |
LAST UPDATE DATE
2024-01-29T19:09:23.662000+00:00
SOURCES UPDATE DATE
| db: | VULHUB | id: | VHN-405504 | date: | 2022-11-07T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-022870 | date: | 2023-11-21T03:20:00 |
| db: | CNNVD | id: | CNNVD-202211-2103 | date: | 2022-11-08T00:00:00 |
| db: | NVD | id: | CVE-2022-20951 | date: | 2024-01-25T17:15:21.760 |
SOURCES RELEASE DATE
| db: | VULHUB | id: | VHN-405504 | date: | 2022-11-04T00:00:00 |
| db: | JVNDB | id: | JVNDB-2022-022870 | date: | 2023-11-21T00:00:00 |
| db: | CNNVD | id: | CNNVD-202211-2103 | date: | 2022-11-04T00:00:00 |
| db: | NVD | id: | CVE-2022-20951 | date: | 2022-11-04T18:15:11.157 |