CVE-2022-20958 : A vulnerability in the web-based management interface of Cisco BroadWorks CommPi

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]

Published 2022-11-04 18:15:11

Updated 2024-01-25 17:15:22

Source Cisco Systems, Inc.

View at NVD, CVE.org

Vulnerability category: Server-side request forgery (SSRF)

Products affected by CVE-2022-20958

Cisco » Broadworks Commpilot Application
Versions before (<) 23.0
cpe:2.3:a:cisco:broadworks_commpilot_application:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2022-20958

EPSS FAQ

0.25%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 64 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2022-20958

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
8.3	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H	2.8	5.5	Cisco Systems, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: Low Availability: High

CWE ids for CVE-2022-20958

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)
CWE-36 Absolute Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize absolute path sequences such as "/abs/path" that can resolve to a location that is outside of that directory.

Assigned by: ykramarz@cisco.com (Secondary)
CWE-918 Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-20958

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp

Cisco BroadWorks CommPilot Application Software Vulnerabilities
Vendor Advisory

CVEs referencing this url
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp

Cisco BroadWorks CommPilot Application Software Vulnerabilities

CVEs referencing this url

Jump to

Vulnerability Details : CVE-2022-20958

Products affected by CVE-2022-20958

Exploit prediction scoring system (EPSS) score for CVE-2022-20958

CVSS scores for CVE-2022-20958

CWE ids for CVE-2022-20958

References for CVE-2022-20958