Advisory No: TZCERT/SA/2023/09/08
Date of First Release: 8th September 2023
Software Affected: Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform
A vulnerability classified as critical has been identified to affect an unknown functionality of the component Single Sign-On (SSO). The vulnerability may allow an attacker to compromise the confidentiality, integrity and availability of the affected system.
A weakness in the method used to validate SSO tokens in the Cisco BroadWorks could allow an unauthenticated remote attacker to forge credentials required to the affected system. Upon successful exploitation of the vulnerability, an attacker with administrative privileged account will have the ability to view confidential information, modify customer settings or modify settings for other users.
Successful exploitation of this vulnerability may allow the attacker to execute commands at the privilege level of the forged account.
Cisco has released a patch for this vulnerability. Users and administrators are encouraged to apply necessary updates.