CVE-2022-20958
Published 2022-11-04
Priority P258 · high · 8.8 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.95% (56.8th percentile)
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other devices on the network.
Affected
1274 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | broadworks_commpilot_application | < 23.0 | 23.0 |
| cisco | broadworks_commpilot_application | — | — |
| cisco | cisco_broadworks | — | — |
Detection & IOCs (extracted from sources)
- Detect crafted HTTP requests targeting the Cisco BroadWorks CommPilot web-based management interface that contain SSRF payloads (e.g., internal URLs or encoded template injection strings in user-supplied input fields).
- Monitor for SSRF-indicative patterns such as URL-encoded template expressions (e.g., %7b%7bvalue%7d%7d) in HTTP request parameters to the CommPilot management interface.
- Alert on outbound HTTP requests originating from the BroadWorks CommPilot server to internal network hosts, which may indicate successful SSRF exploitation allowing lateral data exfiltration.
- CVE-2022-20958 is described as exploitable by an unauthenticated attacker in the NVD entry, but the Cisco advisory describes the attacker as authenticated; defenders should treat both scenarios as possible and not rely solely on authentication controls as a mitigation.
- Cisco confirms no workarounds exist; software updates are the only remediation, and detection/monitoring controls are the only interim defensive measure.
- This advisory covers multiple vulnerabilities (CWE-36 absolute path traversal and CWE-918 SSRF) tracked under Bug IDs CSCwd04685, CSCwd06681, CSCwd58339; ensure detection coverage addresses both path traversal and SSRF attack vectors.
CVSS provenance
- nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- vendor_cisco · 8.3 HIGH
GHSA
GHSA-4w9w-3v73-2rh7
ghsa_unreviewed · 2022-11-04
CVE-2022-20958 [HIGH] CWE-20
Cisco
Cisco BroadWorks CommPilot Application Software Vulnerabilities
vendor_cisco · 2022-11-02 · CVSS 8.3
CVE-2022-20951 [HIGH] CWE-36
Multiple vulnerabilities in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to execute arbitrary code on an affected device or obtain confidential information from the Cisco BroadWorks server and other devices on the network.
For more information about these vulnerabilities, see the Details section of this advisory.
Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities.
This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp
Cisco
Cisco BroadWorks CommPilot Application Software Vulnerabilities
vendor_cisco · CVSS 3.1
CVE-2022-20958: Cisco BroadWorks CommPilot Application Software Vulnerabilities
CVSS: 3.1
CWE: CWE-36, CWE-918
Bug IDs: CSCwd04685, CSCwd06681, CSCwd58339
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-11-04