Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an unauthenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:H
Vulnerability Type
绝对路径遍历
Vulnerability Title
Cisco BroadWorks CommPilot 代码问题漏洞
Vulnerability Description
Cisco BroadWorks CommPilot是美国思科(Cisco)公司的一个运营商级统一通信软件平台,针对性能和规模进行了优化。BroadWorks 由服务提供商托管,可在任何类型的有线或无线网络架构上部署来自通用网络平台的云呼叫。 Cisco BroadWorks CommPilot存在代码问题漏洞,该漏洞源于对用户提供的输入验证不充分,可能允许未经身份验证的远程攻击者对受影响的设备执行服务器端请求伪造(SSRF)攻击,成功利用此漏洞可能允许攻击者从服务器和网络上的其他设备获取机密信息。
CVSS Information
N/A
Vulnerability Type
N/A