Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2022-20951 CVE-2022-20958 |
| CWE-ID | CWE-36 CWE-918 |
| Exploitation vector | Network |
| Public exploit |
Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
| Vulnerable software |
BroadWorks CommPilot Application Software Server applications / Other server solutions |
| Vendor | Cisco Systems, Inc |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Absolute Path Traversal
EUVDB-ID: #VU68971
Risk: Medium
CVSSv4.0: 5.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:H/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2022-20951
CWE-ID:
CWE-36 - Absolute Path Traversal
Exploit availability: No
DescriptionThe vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the web-based management interface. A remote authenticated user can send a specially crafted HTTP request and execute arbitrary OS commands on the device as the bworks user.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBroadWorks CommPilot Application Software: before 23.0.1075
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd06681
https://www.shielder.com/advisories/cisco-broadworks-commpilot-ssrf/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
2) Server-Side Request Forgery (SSRF)
EUVDB-ID: #VU68972
Risk: Medium
CVSSv4.0: 2.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:P/U:Green]
CVE-ID: CVE-2022-20958
CWE-ID:
CWE-918 - Server-Side Request Forgery (SSRF)
Exploit availability: No
DescriptionThe disclosed vulnerability allows a user attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsBroadWorks CommPilot Application Software: before 23.0.1075
CPE2.3 External linkshttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp
https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd04685
https://www.shielder.com/advisories/cisco-broadworks-commpilot-authenticated-remote-code-execution/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.
