Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Authentication Bypass Vulnerability (CVE-2023-20238)

Advisory No: TZCERT/SA/2023/09/08

Date of First Release: 8th September 2023

Source: CISCO

Software Affected: Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform

Overview:

A vulnerability classified as critical has been identified in an unspecified function of the Single Sign-On (SSO) component. The vulnerability may allow an attacker to compromise the confidentiality, integrity and availability of the affected system.

Description:

A weakness in the method used to validate SSO tokens in Cisco BroadWorks could allow an unauthenticated remote attacker to forge the credentials required to access the affected system. Upon successful exploitation of the vulnerability, an attacker with an administrative privileged account will be able to view confidential information, modify customer settings or modify settings for other users.

Impact:

Successful exploitation of this vulnerability may allow the attacker to execute commands at the privilege level of the forged account.

Solution:

Cisco has released a patch for this vulnerability. Users and administrators are encouraged to apply the necessary updates.

References:

  1. https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX
