SB2022110424 - Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software
Published: November 4, 2022 Updated: December 21, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Absolute Path Traversal (CVE-ID: CVE-2022-20951)
The vulnerability allows a remote user to execute arbitrary commands on the system.
The vulnerability exists due to insufficient validation of user-supplied input in the web-based management interface. A remote authenticated user can send a specially crafted HTTP request and execute arbitrary OS commands on the device as the bworks user.
2) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-20958)
The disclosed vulnerability allows a user attacker to perform SSRF attacks.
The vulnerability exists due to insufficient validation of user-supplied input. A remote user can send a specially crafted HTTP request and trick the application to initiate requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker gain access to sensitive data, located in the local network or send malicious requests to other servers from the vulnerable system.
Remediation
Install update from vendor's website.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-ssrf-BJeQfpp
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd06681
- https://www.shielder.com/advisories/cisco-broadworks-commpilot-ssrf/
- https://bst.cloudapps.cisco.com/bugsearch/bug/CSCwd04685
- https://www.shielder.com/advisories/cisco-broadworks-commpilot-authenticated-remote-code-execution/