Vulnerabilities

CVE-2023-20238 - Cisco Broadworks Authentication Bypass

Written by Critical Insight | Sep 7, 2023 7:32:00 PM

Cisco Broadworks Application Delivery Platform and Cisco Broadworks Xtended Services Platform

 

Cisco has released a patch to address a vulnerability noted in the SSO (single sign-on) capability of Cisco Broadworks Application Delivery Platform and Cisco Broadworks Xtended Services Platform. The vulnerability might allow an unauthenticated, remote attacker to forge credentials for privileged access to the affected platform. An attacker could leverage that access to commit toll fraud or execute commands at the privilege level of the forged account. The platforms are affected if the applications noted in the Affected Products/Version section are enabled.

CVE-2023-20238 - Cisco BroadWorks Application Delivery Platform and Cisco Xtended Services Platform Authentication Bypass Vulnerability
CVSSv3: 10.0

Affected Products/Versions
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX#vp

Mitigations

Additional Resources
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20238
https://www.cisecurity.org/advisory/a-vulnerability-in-cisco-broadworks-application-delivery-platform-and-xtended-services-platform-could-allow-for-arbitrary-code-execution_2023-099