How severe is CVE-2022-20951?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.5 out of 10.

What type of vulnerability is CVE-2022-20951?

This is classified as CWE-918, which is a common weakness in software security.

CVE-2022-20951 - MEDIUM Severity | CVSS 6.5

Vulnerability Description

A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot application could allow an authenticated, remote attacker to perform a server-side request forgery (SSRF) attack on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web interface. A successful exploit could allow the attacker to obtain confidential information from the BroadWorks server and other device on the network. {{value}} ["%7b%7bvalue%7d%7d"])}]]

Related Vulnerabilities

CVE-2010-1637

MEDIUM

CVSS:6.5(Medium)

The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3...

CWE-9182010

CVE-2017-10973

MEDIUM

CVSS:6.5(Medium)

In FineCMS before 2017-07-06, application/lib/ajax/get_image_data.php has SSRF, related to requests for non-image files with a modified HTTP Host header.

CWE-9182017

CVE-2017-11148

MEDIUM

CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in link preview in Synology Chat before 1.1.0-0806 allows remote authenticated users to access intranet resources via unspecified vectors.

CWE-9182017

CVE-2017-11149

MEDIUM

CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in Downloader in Synology Download Station 3.8.x before 3.8.5-3475 and 3.x before 3.5-2984 allows remote authenticated users to download arbitrary loca...

CWE-9182017

CVE-2017-12071

MEDIUM

CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in file_upload.php in Synology Photo Station before 6.7.4-3433 and 6.3-2968 allows remote authenticated users to download arbitrary local files via the...

CWE-9182017

CVE-2017-15886

MEDIUM

CVSS:6.5(Medium)

Server-side request forgery (SSRF) vulnerability in Link Preview in Synology Chat before 2.0.0-1124 allows remote authenticated users to download arbitrary local files via a crafted URI.

CWE-9182017