Описание
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network.
{{value}} ["%7b%7bvalue%7d%7d"])}]]
Уязвимые конфигурации
EPSS
8.3 High
CVSS3
8.8 High
CVSS3
Дефекты
Связанные уязвимости
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]
Уязвимость веб-интерфейса управления программного средства Cisco BroadWorks CommPilot Application Software, позволяющая нарушителю выполнить произвольный код
EPSS
8.3 High
CVSS3
8.8 High
CVSS3