CVE-2022-20951

CVSS 7.7 · High EPSS 0.54% · P68 Updated Jan 25, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-20951

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

服务端请求伪造(SSRF)

Source: NVD (National Vulnerability Database)

Vulnerability Title

Cisco BroadWorks CommPilot 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Cisco BroadWorks CommPilot是美国思科（Cisco）公司的一个运营商级统一通信软件平台，针对性能和规模进行了优化。BroadWorks 由服务提供商托管，可在任何类型的有线或无线网络架构上部署来自通用网络平台的云呼叫。 Cisco BroadWorks CommPilot存在安全漏洞，该漏洞源于对用户提供的输入验证不充分，可能允许经过身份验证的远程攻击者对受影响的设备执行服务器端请求伪造(SSRF)攻击，成功利用此漏洞可能允许攻击者从服务器和网络上的其他设备获取机密信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
Cisco	Cisco BroadWorks	24.0 ap375672	-

II. Public POCs for CVE-2022-20951

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-20951

请登录查看更多情报信息。

Same Patch Batch · Cisco · 2022-11-03 · 13 CVEs total

CVE-2022-20961	8.8 HIGH	Cisco Identity Services Engine 跨站请求伪造漏洞
CVE-2022-20958	8.3 HIGH	Cisco BroadWorks CommPilot 代码问题漏洞
CVE-2022-20960	7.5 HIGH	多款Cisco产品信任管理问题漏洞
CVE-2022-20956	7.1 HIGH	Cisco Identity Services Engine 安全漏洞
CVE-2022-20942	6.5 MEDIUM	多款Cisco产品安全漏洞
CVE-2022-20963	5.4 MEDIUM	Cisco Identity Services Engine 跨站脚本漏洞
CVE-2022-20867	5.4 MEDIUM	多款Cisco产品SQL注入漏洞
CVE-2022-20937	5.3 MEDIUM	Cisco Identity Services Engine 资源管理错误漏洞
CVE-2022-20969	4.8 MEDIUM	Cisco Umbrella 跨站脚本漏洞
CVE-2022-20772	4.7 MEDIUM	多款Cisco产品注入漏洞
CVE-2022-20868	4.7 MEDIUM	多款Cisco产品信任管理问题漏洞
CVE-2022-20962	3.8 LOW	Cisco Identity Services Engine 路径遍历漏洞

IV. Related Vulnerabilities

Same product: Cisco BroadWorks

Same vendor: Cisco

Same weakness: CWE-918

V. Comments for CVE-2022-20951

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-20951

I. Basic Information for CVE-2022-20951

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-20951

III. Intelligence Information for CVE-2022-20951

Same Patch Batch · Cisco · 2022-11-03 · 13 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-20951

Leave a comment