Cisco Broadworks vulnerabilities

CVE-2025-20307 [MEDIUM] CWE-79 CVE-2025-20307: A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Soft A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an a

CVE-2025-20211 [MEDIUM] CWE-79 CVE-2025-20211: A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platf A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attac

CVE-2025-20165 [HIGH] CWE-789 CVE-2025-20165: A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, A vulnerability in the SIP processing subsystem of Cisco BroadWorks could allow an unauthenticated, remote attacker to halt the processing of incoming SIP requests, resulting in a denial of service (DoS) condition. This vulnerability is due to improper memory handling for certain SIP requests. An attacker could exploit this vulnerability by sending a

CVE-2023-20125 [HIGH] CWE-400 CVE-2023-20125: A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthentic A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending

CVE-2022-20948 [MEDIUM] CWE-79 CVE-2022-20948: A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist co A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of

CVE-2024-20270 [MEDIUM] CWE-79 CVE-2024-20270: A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platf A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface

CVE-2023-20238 [CRITICAL] CWE-287 CVE-2023-20238: A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker c

CVE-2023-20216 [MEDIUM] CWE-269 CVE-2023-20216: A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the applicat

CVE-2023-20204 [MEDIUM] CWE-79 CVE-2023-20204: A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Soft A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An a

CVE-2023-20210 [MEDIUM] CWE-250 CVE-2023-20210: A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileg A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit co

CVE-2023-20020 [HIGH] CWE-835 CVE-2023-20020: A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Deliver A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP reques

CVE-2023-20019 [MEDIUM] CWE-79 CVE-2023-20019: A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platf A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerab

CVE-2022-20958 [HIGH] CWE-36 CVE-2022-20958: A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application coul A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending

CVE-2022-20951 [HIGH] CWE-918 CVE-2022-20951: A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application coul A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending

CVE-2022-20869 [MEDIUM] CWE-79 CVE-2022-20869: A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platf A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input.

CVE-2021-34785 [MEDIUM] CWE-620 CVE-2021-34785: Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authentic Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

CVE-2021-34786 [MEDIUM] CWE-620 CVE-2021-34786: Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authentic Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.

CVE-2021-1562 [MEDIUM] CWE-200 CVE-2021-1562: A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an a A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker coul

CVE-2021-1530 [MEDIUM] CWE-611 CVE-2021-1530: A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing cer