CVE-2021-1562

A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broad-as-inf-disc-ZUXGFFXQ	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cisco:broadworks_application_server::::::::
	cpe:2.3:a:cisco:broadworks_application_server::::::::
	cpe:2.3:a:cisco:broadworks_application_server::::::::

History

No history.

Information

Published : 2021-07-08 19:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-1562

Mitre link : CVE-2021-1562

CVE.ORG link : CVE-2021-1562

JSON object : View

Products Affected

cisco

broadworks_application_server

CWE

CWE-20

Improper Input Validation

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-1562", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "ykramarz@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-07-08T19:15:08.457", "references": [{"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broad-as-inf-disc-ZUXGFFXQ", "tags": ["Vendor Advisory"], "source": "ykramarz@cisco.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}, {"type": "Secondary", "source": "ykramarz@cisco.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available."}, {"lang": "es", "value": "Una vulnerabilidad en la interfaz XSI-Actions de Cisco BroadWorks Application Server, podr\u00eda permitir a un atacante remoto autenticado acceder a informaci\u00f3n confidencial en un sistema afectado. Esta vulnerabilidad se presenta debido a una comprobaci\u00f3n inapropiada de entrada y autorizaci\u00f3n de comandos espec\u00edficos que un usuario puede ejecutar dentro de la interfaz XSI-Actions. Un atacante podr\u00eda explotar esta vulnerabilidad autentic\u00e1ndose en un dispositivo afectado y emitiendo un conjunto espec\u00edfico de comandos. Una explotaci\u00f3n con \u00e9xito podr\u00eda permitir al atacante unirse a una instancia de Call Center y hacer que se le distribuyan llamadas a las que no tiene permisos para acceder desde la cola de Call Center. En el momento de la publicaci\u00f3n, Cisco no hab\u00eda publicado actualizaciones que abordaran esta vulnerabilidad para Cisco BroadWorks Application Server. Sin embargo, se encuentran parches de firmware disponibles"}], "lastModified": "2023-11-07T03:28:38.153", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cisco:broadworks_application_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E3AFF8C0-1756-49AC-9873-51C998823759", "versionEndExcluding": "22.0.2020.08", "versionStartIncluding": "22.0"}, {"criteria": "cpe:2.3:a:cisco:broadworks_application_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53D5542D-015D-4298-98DE-78B3C522145B", "versionEndExcluding": "23.0.2020.08", "versionStartIncluding": "23.0"}, {"criteria": "cpe:2.3:a:cisco:broadworks_application_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EC790793-BD19-4719-99A9-43FC162EF8E2", "versionEndExcluding": "24.0.2020.08", "versionStartIncluding": "24.0"}], "operator": "OR"}]}], "sourceIdentifier": "ykramarz@cisco.com"}