cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-20165,https://securityvulnerability.io/vulnerability/CVE-2025-20165,Denial of Service vulnerability in Cisco BroadWorks SIP processing,"A vulnerability exists in the SIP processing subsystem of Cisco BroadWorks that allows unauthenticated, remote attackers to disrupt service by overwhelming the system with SIP requests. This issue stems from improper memory management for specific SIP requests. When an attacker floods the affected system with a high volume of SIP requests, they can deplete the memory available to the Cisco BroadWorks Network Servers, causing them to be unable to process any additional requests. This results in a denial of service condition, necessitating manual intervention to restore functionality.",Cisco,Cisco Broadworks,7.5,HIGH,0.0005099999834783375,false,,false,false,true,2025-01-22T16:21:30.377Z,false,false,false,,2025-01-22T16:21:30.377Z,0
CVE-2022-20948,https://securityvulnerability.io/vulnerability/CVE-2022-20948,Cisco BroadWorks Hosted Thin Receptionist Vulnerability Could Lead to XSS Attacks,"A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist enables authenticated, remote attackers to conduct cross-site scripting (XSS) attacks. This security issue arises from insufficient validation of user input, allowing potential exploitation when a user is tricked into clicking a crafted link. If successful, an attacker could execute arbitrary scripts in the context of the affected interface, leading to unauthorized access to sensitive browser-based information. Cisco has provided software updates to mitigate this issue. No workaround exists to protect against this vulnerability.",Cisco,Cisco Broadworks,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-11-15T15:30:38.852Z,0
CVE-2023-20125,https://securityvulnerability.io/vulnerability/CVE-2023-20125,Unauthenticated Remote Attacker Could Exhaust System Resources and Cause Denial of Service,"A vulnerability in the local interface of Cisco BroadWorks Network Server enables unauthenticated, remote attackers to exploit system resources. This vulnerability arises due to inadequate rate limiting on certain incoming TCP connections. An attacker could send an overwhelming number of TCP connection requests, leading to resource exhaustion that renders the server inoperable. To restore service after an exploit, it is necessary to either restart the Cisco BroadWorks Network Server software or reboot the server node. Cisco has issued software updates to rectify this issue; however, there are no available workarounds.",Cisco,Cisco Broadworks,8.6,HIGH,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-11-15T14:58:04.361Z,0
CVE-2024-20270,https://securityvulnerability.io/vulnerability/CVE-2024-20270,Stored XSS Vulnerability in Cisco BroadWorks Management Interface,"A stored cross-site scripting vulnerability exists in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform due to improper validation of user input. An authenticated, remote attacker could exploit this vulnerability by persuading a user to click on a specially crafted link, potentially executing arbitrary scripts within the context of the affected interface. This could lead to unauthorized access to sensitive information stored in the browser, posing a security risk to users.",Cisco,Cisco BroadWorks,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2024-01-17T16:53:57.724Z,0
CVE-2023-20238,https://securityvulnerability.io/vulnerability/CVE-2023-20238,SSO Vulnerability in Cisco BroadWorks Platforms,"A vulnerability exists in the single sign-on (SSO) configuration of Cisco's BroadWorks platforms, allowing unauthenticated remote attackers to forge credentials necessary for system access. The flaw resides in the validation method for SSO tokens. By exploiting this issue, attackers can authenticate to applications using forged credentials, potentially leading to unauthorized actions. If an administrator's account is compromised, attackers could access sensitive data, modify customer settings, or alter configurations for other users. To execute such an attack, the perpetrator must possess a valid user ID associated with the vulnerable Cisco BroadWorks system.",Cisco,Cisco Broadworks,10,CRITICAL,0.0024999999441206455,false,,false,false,true,2024-10-23T20:15:06.000Z,,false,false,,2023-09-06T18:15:00.000Z,0
CVE-2023-20204,https://securityvulnerability.io/vulnerability/CVE-2023-20204,Cross-site Scripting Vulnerability in Cisco BroadWorks CommPilot Application Software,"A vulnerability in the web-based management interface of Cisco's BroadWorks CommPilot Application Software allows authenticated, remote attackers to launch cross-site scripting attacks. This occurs due to inadequate validation of user-supplied inputs, enabling attackers to persuade users to click on crafted links. Upon successful exploitation, attackers can execute arbitrary script code within the context of the affected interface or gain unauthorized access to sensitive, browser-based information. It is crucial for organizations using this software to implement robust security measures to mitigate this risk.",Cisco,Cisco BroadWorks,5.4,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-08-03T22:15:00.000Z,0
CVE-2023-20216,https://securityvulnerability.io/vulnerability/CVE-2023-20216,Privilege Elevation Vulnerability in Cisco BroadWorks Servers,"A significant vulnerability in Cisco BroadWorks server types allows an authenticated local attacker to escalate privileges to root level. This issue arises from improper implementation of user role permissions, particularly for users assigned BWORKS or BWSUPERADMIN roles. An attacker can exploit this flaw by issuing specially crafted commands after gaining access, potentially executing actions outside their intended access, such as installing software or running critical operating system commands. While there are workarounds available, immediate action is recommended to mitigate any risk.",Cisco,Cisco BroadWorks,7.8,HIGH,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-08-03T22:15:00.000Z,0
CVE-2023-20210,https://securityvulnerability.io/vulnerability/CVE-2023-20210,Privilege Escalation Vulnerability in Cisco BroadWorks,"A security issue in Cisco BroadWorks allows authenticated local attackers to escalate their privileges to the root user level. This flaw stems from inadequate input validation in the operating system command line interface (CLI). Attackers with administrative privileges can exploit this by issuing specially crafted commands, potentially leading to executing commands as the root user, which poses significant risks to the integrity and stability of the affected device.",Cisco,Cisco BroadWorks,6,MEDIUM,0.0004199999966658652,false,,false,false,false,,,false,false,,2023-07-12T14:15:00.000Z,0
CVE-2023-20019,https://securityvulnerability.io/vulnerability/CVE-2023-20019,Cross-Site Scripting Vulnerability in Cisco BroadWorks Platforms,"A vulnerability exists in the web-based management interface of Cisco BroadWorks platforms that could permit an unauthenticated remote attacker to execute a cross-site scripting attack. The flaw is due to improper validation of user-supplied input, allowing attackers to craft malicious links that, when clicked by users, could lead to the execution of arbitrary script code within the context of the interface. This could potentially expose sensitive information stored in the user's browser, compromising security.",Cisco,Cisco BroadWorks,6.1,MEDIUM,0.0013599999947473407,false,,false,false,false,,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2023-20020,https://securityvulnerability.io/vulnerability/CVE-2023-20020,Denial of Service Vulnerability in Cisco BroadWorks Platforms,"A vulnerability exists in the Device Management Servlet of Cisco BroadWorks platforms that could enable an unauthenticated remote attacker to trigger a denial of service (DoS) condition. This issue arises from inadequate input validation during the handling of HTTP requests. By sending a continuous stream of specifically crafted requests, an attacker could prevent the affected device from processing subsequent requests, effectively causing a DoS situation.",Cisco,Cisco BroadWorks,8.6,HIGH,0.0013800000306218863,false,,false,false,false,,,false,false,,2023-01-20T07:15:00.000Z,0
CVE-2022-20951,https://securityvulnerability.io/vulnerability/CVE-2022-20951,Server-Side Request Forgery Vulnerability in Cisco BroadWorks CommPilot Application,"A vulnerability in the web-based management interface of Cisco's BroadWorks CommPilot application allows authenticated, remote attackers to execute a server-side request forgery (SSRF) attack. This vulnerability stems from inadequate validation of user-provided input. An attacker can exploit this weakness by sending a specially crafted HTTP request to the web interface, potentially gaining access to confidential information from the BroadWorks server and other devices on the network.",Cisco,Cisco Broadworks,7.7,HIGH,0.0013599999947473407,false,,false,false,true,2024-08-03T03:15:48.000Z,,false,false,,2022-11-04T18:15:00.000Z,0
CVE-2022-20958,https://securityvulnerability.io/vulnerability/CVE-2022-20958,Server-Side Request Forgery Vulnerability in Cisco BroadWorks CommPilot Application,"A vulnerability exists within the web-based management interface of the Cisco BroadWorks CommPilot application that could allow unauthenticated remote attackers to conduct Server-Side Request Forgery (SSRF) attacks. This vulnerability arises from the inadequate validation of user-provided input. By crafting a malicious HTTP request targeted at the web interface, an attacker may exploit this issue, leading to the potential exposure of sensitive information stored on the BroadWorks server and other devices within the network. For detailed information, refer to the Cisco advisory.",Cisco,Cisco Broadworks,8.3,HIGH,0.0024500000290572643,false,,false,false,true,2024-08-03T03:15:49.000Z,,false,false,,2022-11-04T18:15:00.000Z,0
CVE-2022-20869,https://securityvulnerability.io/vulnerability/CVE-2022-20869,Cisco BroadWorks Application Delivery Platform Software Cross-Site Scripting Vulnerability,"A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.",Cisco,Cisco Broadworks,6.1,MEDIUM,0.0013599999947473407,false,,false,false,true,2024-08-03T03:15:45.000Z,,false,false,,2022-08-10T09:15:00.000Z,0
CVE-2021-34785,https://securityvulnerability.io/vulnerability/CVE-2021-34785,Cisco BroadWorks CommPilot Application Software Vulnerabilities,"Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.",Cisco,Cisco Broadworks,6.5,MEDIUM,0.0026499999221414328,false,,false,false,true,2024-08-04T02:15:24.000Z,,false,false,,2021-09-09T05:15:00.000Z,0
CVE-2021-34786,https://securityvulnerability.io/vulnerability/CVE-2021-34786,Cisco BroadWorks CommPilot Application Software Vulnerabilities,"Multiple vulnerabilities in Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to delete arbitrary user accounts or gain elevated privileges on an affected system.",Cisco,Cisco Broadworks,6.5,MEDIUM,0.0007999999797903001,false,,false,false,true,2024-08-04T02:15:24.000Z,,false,false,,2021-09-09T05:15:00.000Z,0
CVE-2021-1562,https://securityvulnerability.io/vulnerability/CVE-2021-1562,Cisco BroadWorks Application Server Information Disclosure Vulnerability,"A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available.",Cisco,Cisco Broadworks,4.3,MEDIUM,0.0007300000288523734,false,,false,false,true,2024-08-03T17:16:01.000Z,,false,false,,2021-07-08T19:15:00.000Z,0
CVE-2021-1530,https://securityvulnerability.io/vulnerability/CVE-2021-1530,Cisco BroadWorks Messaging Server XML External Entity Injection Vulnerability,"A vulnerability in the web-based management interface of Cisco BroadWorks Messaging Server Software could allow an authenticated, remote attacker to access sensitive information or cause a partial denial of service (DoS) condition on an affected system. This vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by uploading a crafted XML file that contains references to external entities. A successful exploit could allow the attacker to retrieve files from the local system, resulting in the disclosure of sensitive information, or cause the application to consume available resources, resulting in a partial DoS condition on an affected system. There are workarounds that address this vulnerability.",Cisco,Cisco Broadworks,5.4,MEDIUM,0.0016299999551847577,false,,false,false,true,2024-08-03T17:16:00.000Z,,false,false,,2021-05-06T13:15:00.000Z,0