cve/CVE-2022-20951.md at f1f1f9a798d36fa0748d135c6fe5299cdbcc69fb

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-06-01 11:10:36 +00:00

0xMarcio 6100550298 Update CVE sources 2024-06-22 09:37

2024-06-22 09:37:59 +00:00

Description

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device.

This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network.

{{value}} ["%7b%7bvalue%7d%7d"])}]]

POC

Reference

No PoCs from references.

Github

https://github.com/fardeen-ahmed/Bug-bounty-Writeups

1.1 KiB Raw Blame History

CVE-2022-20951

Description

POC

Reference

Github

1.1 KiB

Raw Blame History