Published: 23/04/2021 Updated: 30/07/2022

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sipwise next generation communication platform 3.6.4

The Sipwise application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests This can be exploited to perform certain actions with administrative privileges if a logged-in user visits a malicious web site Versions affected include CE_m3931 and below and NGCP www_admin ...

CWE-352 http://packetstormsecurity.com/files/162318/Sipwise-C5-NGCP-CSC-Cross-Site-Request-Forgery.html https://www.zeroscience.mk/en/vulnerabilities https://www.sipwise.com https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html https://nvd.nist.gov https://packetstormsecurity.com/files/162318/Sipwise-C5-NGCP-CSC-Cross-Site-Request-Forgery.html

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-31584

Vulnerability Summary

Vulnerability Trend

Exploits

References

Vulmon Search

About

Products

Connect