Rewterz Threat Advisory – CVE-2022-20948 – Cisco BroadWorks Hosted Thin Receptionist Vulnerability

Rewterz Threat Advisory – CVE-2022-20929 – Cisco Enterprise NFV Infrastructure Software (NFVIS) Vulnerability

October 6, 2022

Rewterz Threat Advisory – CVE-2022-20917 – Cisco Jabber Client Software Vulnerability

October 6, 2022

Rewterz Threat Advisory – CVE-2022-20948 – Cisco BroadWorks Hosted Thin Receptionist Vulnerability

Severity

Medium

Analysis Summary

CVE-2022-20948

Cisco BroadWorks Hosted Thin Receptionist is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote authenticated attacker could exploit this vulnerability using a specially-crafted URL to execute a script in a victim’s Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim’s cookie-based authentication credentials.

Impact

Cross-Site Scripting

Indicators Of Compromise

CVE

CVE-2022-20948

Affected Vendors

Cisco

Affected Products

Cisco BroadWorks Hosted Thin Receptionist

Remediation

Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.

Cisco Security Advisory

Rewterz Threat Advisory – CVE-2022-20929 – Cisco Enterprise NFV Infrastructure Software (NFVIS) Vulnerability

Rewterz Threat Advisory – CVE-2022-20917 – Cisco Jabber Client Software Vulnerability

Rewterz Threat Advisory – CVE-2022-20948 – Cisco BroadWorks Hosted Thin Receptionist Vulnerability

Severity

Analysis Summary

Impact

Indicators Of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan