Description

Sipwise C5 NGCP www_csc version 3.6.4 up to and including platform NGCP CE mr3.8.13 allows call/click2dial CSRF attacks for actions with administrative privileges.

Related CPE's

a

sipwise

next_generation_communication_platform

3.6.4

*

*

*

ce

Vulnerable

References

http://lists.sipwise.com/pipermail/spce-user_lists.sipwise.com/2021-September/014708.html

Mailing ListVendor Advisory

http://packetstormsecurity.com/files/162318/Sipwise-C5-NGCP-CSC-Cross-Site-Request-Forgery.html

ExploitThird Party AdvisoryVDB Entry

https://www.sipwise.com

Product

https://www.zeroscience.mk/en/vulnerabilities

ExploitThird Party Advisory

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5649.php

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-352

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2021-04-23T21:15:08.343

4 years ago

Last modified

2022-07-30T03:45:01.943

2 years ago