CVE-2021-34785

CWE-620 CWE-287 — Improper Authentication4 documents4 sources

Severity

7.2HIGH

EPSS

0.5%

top 33.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cisco Broadworks Commpilot Application Software Cisco Cisco Broadworks

Timeline

PublishedSep 9

Latest updateMay 24

Description

Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

▶NVDcisco/broadworks_commpilot_application_software22.0 — 22.0.2021.09+2

▶CVEListV5cisco/cisco_broadworksn/a

🔴Vulnerability Details

GHSA

GHSA-vx2r-9h83-x7p6: Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user acc↗2022-05-24

▶

CVEList

Cisco BroadWorks CommPilot Application Software Vulnerabilities↗2021-09-09

▶

📋Vendor Advisories

Cisco

Cisco BroadWorks CommPilot Application Software Vulnerabilities↗2021-09-08

▶