CVE-2021-1562

CWE-200Information ExposureCWE-20Improper Input Validation4 documents4 sources
Severity
4.3MEDIUM
EPSS
0.2%
top 57.00%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Cisco Broadworks Application ServerCisco Cisco Broadworks
Timeline
PublishedJul 8
Latest updateMay 24

Description

A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the a

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDcisco/broadworks_application_server22.022.0.2020.08+2
CVEListV5cisco/cisco_broadworksn/a

🔴Vulnerability Details

2
GHSA
GHSA-5m38-m947-59q9: A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive2022-05-24
CVEList
Cisco BroadWorks Application Server Information Disclosure Vulnerability2021-07-08

📋Vendor Advisories

1
Cisco
Cisco BroadWorks Application Server Information Disclosure Vulnerability2021-07-07
CVE-2021-1562 (MEDIUM CVSS 4.3) | A vulnerability in the XSI-Actions | cvebase.io