PT-2021-3599 · Cisco · Cisco Broadworks Application Server
Published
2021-07-07
·
Updated
2022-10-21
·
CVE-2021-1562
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cisco BroadWorks Application Server (affected versions not specified)
Description
The issue is related to insufficient protection of internal data in the XSI-Actions interface of the Cisco BroadWorks Application Server. This could allow a remote attacker to gain unauthorized access to sensitive information. The vulnerability is due to improper input validation and authorization of specific commands within the XSI-Actions interface. An attacker could exploit this by authenticating to the device and issuing specific commands, potentially allowing them to access calls they do not have permission for from the Call Center queue.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Broadworks Application Server