Cisco BroadWorks reports critical authentication bypass vulnerability
Take action: If you are using Cisco BroadWorks, this is the time to wake up your engineering team and plan an urgent patch. There is no higher severity score than 10. Even a network-level lockdown is only a temporary fix, because sooner or later someone will lift it.
A critical vulnerability affecting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform has been reported, potentially enabling remote attackers to manipulate credentials and bypass authentication, granting them the ability to execute commands, access sensitive data, modify user settings, and engage in toll fraud.
Cisco BroadWorks is a cloud-based communication services platform used by businesses and consumers. The flaw, which affects components used for application management and integration, was discovered by Cisco security engineers and is tracked as CVE-2023-20238 with a critical CVSS score of 10.0.
The vulnerability is attributed to the validation method used for Single Sign-On (SSO) tokens, allowing attackers to authenticate with forged credentials. The extent of damage depends on the privilege level of the forged account, with "administrator" accounts posing the greatest risk. However, attackers must have a valid user ID linked to the targeted Cisco BroadWorks system to exploit the flaw, somewhat limiting potential attackers but not reducing the severity of the risk.
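The advisory states only that the flaw lies in how SSO tokens are validated and that a forged token is accepted as long as it names a valid user ID; it does not describe the token format. The following is an added illustration of that bug class, not BroadWorks code: the token layout, the server key and the user list are all constructed here. The weak validator trusts the user-ID field once the ID exists, so any token naming a real user passes (which is also why a valid user ID is a prerequisite); the hardened validator additionally checks an HMAC signature in constant time and an expiry before trusting the identity.

```python
"""Illustration of the SSO-token validation bug class (added example, not BroadWorks code).

Constructed token format: "<user_id>:<expiry_unix>:<hex_signature>".
Constructed key and user table; nothing here is real configuration.
"""
import hashlib
import hmac
import time
from typing import Optional

SERVER_KEY = b"constructed-demo-key-not-a-real-secret"   # assumption: server-side secret
KNOWN_USERS = {                                           # constructed user table
    "alice@example.test": "user",
    "admin@example.test": "administrator",
}


def issue_token(user_id: str, ttl_seconds: int = 300,
                key: bytes = SERVER_KEY, now: Optional[float] = None) -> str:
    """Issue a token whose user ID and expiry are bound by an HMAC-SHA256 signature."""
    exp = int((now if now is not None else time.time()) + ttl_seconds)
    payload = f"{user_id}:{exp}".encode()
    sig = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return f"{user_id}:{exp}:{sig}"


def validate_weak(token: str) -> Optional[str]:
    """Weak validator: returns the role if the user ID in the token exists.

    The signature and expiry fields are never checked, so anyone who knows a
    valid user ID can present a token the service accepts.
    """
    user_id, _exp, _sig = token.split(":", 2)
    return KNOWN_USERS.get(user_id)


def validate_strong(token: str, key: bytes = SERVER_KEY,
                    now: Optional[float] = None) -> Optional[str]:
    """Hardened validator: user must exist, signature must verify, token must be unexpired."""
    try:
        user_id, exp_str, sig = token.split(":", 2)
        exp = int(exp_str)
    except ValueError:
        return None                       # malformed token
    if user_id not in KNOWN_USERS:
        return None                       # unknown user ID
    payload = f"{user_id}:{exp}".encode()
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None                       # forged or tampered token
    if (now if now is not None else time.time()) >= exp:
        return None                       # expired token
    return KNOWN_USERS[user_id]


if __name__ == "__main__":
    genuine = issue_token("alice@example.test")
    forged = "admin@example.test:9999999999:0000"   # constructed: valid ID, bogus signature
    print("weak  / genuine :", validate_weak(genuine))
    print("weak  / forged  :", validate_weak(forged))      # accepted: the bug class
    print("strong/ genuine :", validate_strong(genuine))
    print("strong/ forged  :", validate_strong(forged))    # rejected
```

The point to take from the contrast is that the privilege obtained follows the account named in the token, which is why the advisory singles out "administrator" IDs as the worst case; a validator that binds the identity to a server-held secret removes that lever entirely.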
Threat actors can exploit this flaw when specific applications are active on the affected platforms, including:
- AuthenticationService
- BWCallCenter
- BWReceptionist
- CustomMediaFilesRetrieval
- ModeratorClientApp
- PublicECLQuery
- PublicReporting
- UCAPI
- Xsi-Actions
- Xsi-Events
- Xsi-MMTel
- Xsi-VTR
Other BroadWorks components remain unaffected.
Cisco has not provided workarounds for this vulnerability and recommends updating to a fixed version: AP.platform.23.0.1075.ap385341 for the 23.0 branch, or 2023.06_1.333 or 2023.07_1.332 for the release-independent (RI) edition. The 22.0 branch is also affected, but Cisco will not release a security update for it and recommends migrating to a fixed release.
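Putting the affected-application list and the fixed versions together gives a simple exposure triage for a fleet. The script below is an added example, not Cisco tooling; the inventory records are constructed. Two things are assumptions rather than statements from the advisory: that the 22.0 branch uses the same "AP.platform." prefix as 23.0, and that versions within one branch or RI train compare by their numeric components (so any build at or above the named fixed version counts as patched). An RI train the advisory does not name is reported as unknown rather than guessed.

```python
"""Exposure triage for CVE-2023-20238 (added example, not Cisco tooling).

Assumptions (not from the advisory): 22.0 versions share the "AP.platform."
prefix, and version strings within a branch compare by numeric components.
"""
import re
from typing import Dict, List, Tuple

# Applications the advisory names as exposing the flaw when active.
AFFECTED_APPS = {
    "AuthenticationService", "BWCallCenter", "BWReceptionist",
    "CustomMediaFilesRetrieval", "ModeratorClientApp", "PublicECLQuery",
    "PublicReporting", "UCAPI", "Xsi-Actions", "Xsi-Events", "Xsi-MMTel", "Xsi-VTR",
}

# Fixed versions named in the advisory.
FIXED_23 = "AP.platform.23.0.1075.ap385341"
FIXED_RI = ("2023.06_1.333", "2023.07_1.332")


def _nums(version: str) -> Tuple[int, ...]:
    """Numeric components of a version string, e.g. '2023.06_1.333' -> (2023, 6, 1, 333)."""
    return tuple(int(x) for x in re.findall(r"\d+", version))


def patch_status(version: str) -> str:
    """Classify a version as 'patched', 'unpatched', 'no_fix_migrate' or 'unknown'."""
    n = _nums(version)
    if version.startswith("AP.platform.23.0."):
        return "patched" if n >= _nums(FIXED_23) else "unpatched"
    if version.startswith("AP.platform.22.0."):     # assumption: 22.0 uses the same prefix
        return "no_fix_migrate"                       # advisory: no update for 22.0
    for fixed in FIXED_RI:
        if n[:2] == _nums(fixed)[:2]:                 # same RI train (2023.06 or 2023.07)
            return "patched" if n >= _nums(fixed) else "unpatched"
    return "unknown"                                  # train not covered by the advisory


def triage(host: Dict[str, object]) -> Dict[str, object]:
    """Combine patch status with which affected applications are active on the host."""
    status = patch_status(str(host["version"]))
    exposed: List[str] = sorted(AFFECTED_APPS & set(host["apps"]))  # type: ignore[arg-type]
    if status == "patched":
        action = "none"
    elif status == "no_fix_migrate":
        action = "migrate to a fixed release"
    elif status == "unknown":
        action = "verify version against advisory"
    elif exposed:
        action = "patch urgently"
    else:
        action = "patch (no affected application currently active)"
    return {"host": host["host"], "status": status, "exposed_apps": exposed, "action": action}


# Constructed inventory; hostnames, versions and app sets are made up for the example.
INVENTORY = [
    {"host": "xsp-01", "version": "AP.platform.23.0.1074.ap380000", "apps": ["Xsi-Actions", "BWCallCenter"]},
    {"host": "xsp-02", "version": "AP.platform.23.0.1075.ap385341", "apps": ["Xsi-Actions"]},
    {"host": "adp-01", "version": "2023.06_1.330", "apps": ["PublicReporting", "SomeOtherApp"]},
    {"host": "adp-02", "version": "2023.07_1.332", "apps": ["UCAPI"]},
    {"host": "xsp-legacy", "version": "AP.platform.22.0.1123.ap300000", "apps": ["AuthenticationService"]},
    {"host": "adp-03", "version": "2023.06_1.330", "apps": ["SomeOtherApp"]},
]


def triage_all(inventory=INVENTORY) -> List[Dict[str, object]]:
    return [triage(h) for h in inventory]


if __name__ == "__main__":
    for row in triage_all():
        print(f"{row['host']:<11} {row['status']:<15} {row['exposed_apps']!s:<35} {row['action']}")
```

Hosts that are unpatched but have none of the listed applications active are still flagged for patching: the advisory says the flaw is exploitable when those applications are active, and an application that is off today can be switched on tomorrow, which is the same reason the callout above treats a network lockdown as temporary.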
While there have been no reported instances of active exploitation of CVE-2023-20238, system administrators are advised to apply available updates promptly to mitigate potential risks.