CVE-2022-20958
published 2022-11-04


Priority: P2, 58, high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.95% (56.8th percentile)

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network.

Affected

1274 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | broadworks_commpilot_application | < 23.0 | 23.0 |
| cisco | broadworks_commpilot_application | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |
| cisco | cisco_broadworks | | |

Detection & IOCs (extracted from sources)

  • Detect crafted HTTP requests targeting the Cisco BroadWorks CommPilot web-based management interface that contain SSRF payloads (e.g., internal URLs or encoded template injection strings in user-supplied input fields)
  • Monitor for SSRF-indicative patterns such as URL-encoded template expressions (e.g., %7b%7bvalue%7d%7d) in HTTP request parameters to the CommPilot management interface
  • Alert on outbound HTTP requests originating from the BroadWorks CommPilot server to internal network hosts, which may indicate successful SSRF exploitation allowing lateral data exfiltration
  • CVE-2022-20958 is described as exploitable by an unauthenticated attacker in the NVD entry, but the Cisco advisory describes the attacker as authenticated; defenders should treat both scenarios as possible and not rely solely on authentication controls as a mitigation
  • Cisco confirms no workarounds exist; software updates are the only remediation, and detection/monitoring controls are the only interim defensive measure
  • This advisory covers multiple vulnerabilities (CWE-36 absolute path traversal and CWE-918 SSRF) tracked under Bug IDs CSCwd04685, CSCwd06681, CSCwd58339; ensure detection coverage addresses both path traversal and SSRF attack vectors

CVSS provenance

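| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| vendor_cisco | | 8.3 | HIGH | |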