cisco broadworks-application-server CVE-2021-1562 vulnerability in Cisco Products
Published on July 8, 2021

Cisco BroadWorks Application Server Information Disclosure Vulnerability
A vulnerability in the XSI-Actions interface of Cisco BroadWorks Application Server could allow an authenticated, remote attacker to access sensitive information on an affected system. This vulnerability is due to improper input validation and authorization of specific commands that a user can execute within the XSI-Actions interface. An attacker could exploit this vulnerability by authenticating to an affected device and issuing a specific set of commands. A successful exploit could allow the attacker to join a Call Center instance and have calls that they do not have permissions to access distributed to them from the Call Center queue. At the time of publication, Cisco had not released updates that address this vulnerability for Cisco BroadWorks Application Server. However, firmware patches are available.

Vendor Advisory NVD

Vulnerability Analysis

CVE-2021-1562 is exploitable with network access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
UNCHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
NONE

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2021-1562 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2021-1562

stack.watch emails you whenever new vulnerabilities are published in Cisco Broadworks Application Server or Cisco Broadworks. Just hit a watch button to start following.

Cisco Broadworks Application Server
 
Cisco Broadworks
 

Affected Versions

Cisco BroadWorks Version n/a is affected by CVE-2021-1562

Exploit Probability

EPSS
0.21%
Percentile
42.96%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.