A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network.
{{value}} ["%7b%7bvalue%7d%7d"])}]]
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2022-11-03T19:26:56.103Z
Updated: 2024-01-25T16:57:25.251Z
Reserved: 2021-11-02T13:28:29.195Z
Link: CVE-2022-20958
JSON object: View
NVD Information
Status : Modified
Published: 2022-11-04T18:15:11.287
Modified: 2024-01-25T17:15:22.397
Link: CVE-2022-20958
JSON object: View
Redhat Information
No data.