Share this
by Critical Insight on September 7, 2023
Cisco Broadworks Application Delivery Platform and Cisco Broadworks Xtended Services Platform
Cisco has released a patch to address a vulnerability noted in the SSO (single sign-on) capability of Cisco Broadworks Application Delivery Platform and Cisco Broadworks Xtended Services Platform. The vulnerability might allow an unauthenticated, remote attacker to forge credentials for privileged access to the affected platform. An attacker could leverage that access to commit toll fraud or execute commands at the privilege level of the forged account. The platforms are affected if the applications noted in the Affected Products/Version section are enabled.
CVE-2023-20238 - Cisco BroadWorks Application Delivery Platform and Cisco Xtended Services Platform Authentication Bypass Vulnerability
CVSSv3: 10.0
Affected Products/Versions
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX#vp
Mitigations
Additional Resources
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20238
https://www.cisecurity.org/advisory/a-vulnerability-in-cisco-broadworks-application-delivery-platform-and-xtended-services-platform-could-allow-for-arbitrary-code-execution_2023-099