
Critical authentication bypass vulnerability discovered in Cisco BroadWorks

Target Industry

Indiscriminate, opportunistic targeting.

Overview

A critical vulnerability affecting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform has been disclosed. Cisco BroadWorks is a cloud communication services platform. The flaw, tracked as CVE-2023-20238 (CVSSv3 score: 10.0), could allow threat actors to bypass authentication on affected products.

Impact

Successful exploitation of CVE-2023-20238 could allow threat actors to execute commands, modify user settings and ultimately compromise the integrity of data.

Incident Detection

Cisco has released security updates for the product versions affected by the flaw. Versions prior to the fixed releases remain vulnerable to potential exploitation.

Affected Products

CVE-2023-20238 affects the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform, provided that at least one of the following applications is active:

  • AuthenticationService
  • BWCallCenter
  • BWReceptionist
  • CustomMediaFilesRetrieval
  • ModeratorClientApp
  • PublicECLQuery
  • PublicReporting
  • UCAPI
  • Xsi-Actions
  • Xsi-Events
  • Xsi-MMTel
  • Xsi-VTR

Containment, Mitigations & Remediations

It is strongly recommended that users of the affected Cisco products apply the following updates as soon as possible:

  • Version 23.0.1075.ap385341 for users of the 23.0 branch.
  • Version 2023.06_1.333 or 2023.07_1.332 for users of the release-independent (RI) edition.

CVE-2023-20238 also affects the 22.0 branch; however, Cisco has stated that no security update will be released for that version. Users of this branch should therefore migrate to a remediated product version.
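As an added illustration, not taken from the bulletin or from Cisco, the following script compares inventoried BroadWorks version strings against the fixed releases listed above and flags hosts that still need action. The version-string formats and the ordering it assumes (numeric build/ap order within the 23.0 branch, monthly RI trains with later trains carrying the fix) are inferred from the strings in the bulletin, not documented by Cisco, and the sample inventory is constructed.

```python
import re

# Fixed releases named in the bulletin. The 22.0 branch receives no fix.
FIXED_23_0 = (1075, 385341)                                # 23.0.1075.ap385341
FIXED_RI = {(2023, 6): (1, 333), (2023, 7): (1, 332)}      # 2023.06_1.333 / 2023.07_1.332
BRANCH_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.ap(\d+)$")    # assumed form: 23.0.1075.ap385341
RI_RE = re.compile(r"(\d{4})\.(\d{2})_(\d+)\.(\d+)$")       # assumed form: 2023.06_1.333


def assess(version: str) -> str:
    """Classify one BroadWorks version string against the bulletin's fixed releases."""
    m = BRANCH_RE.match(version)
    if m:
        major, minor, build, ap = map(int, m.groups())
        branch = f"{major}.{minor}"
        if branch == "23.0":
            # Assumption: (build, ap) compares numerically within the branch.
            return "patched" if (build, ap) >= FIXED_23_0 else "vulnerable: upgrade to 23.0.1075.ap385341"
        if branch == "22.0":
            return "vulnerable: no fix for 22.0, migrate to a remediated version"
        return f"unknown: branch {branch} not covered by the bulletin"
    m = RI_RE.match(version)
    if m:
        year, month, sub, build = map(int, m.groups())
        train = (year, month)
        if train in FIXED_RI:
            return "patched" if (sub, build) >= FIXED_RI[train] else "vulnerable: upgrade to a fixed RI build"
        if train > max(FIXED_RI):
            return "patched"  # assumption: trains after 2023.07 carry the fix
        return "vulnerable: upgrade to 2023.06_1.333 or 2023.07_1.332"
    return "unknown: unrecognised version string"


def assess_inventory(inventory):
    """Return {host: assessment} for an iterable of (host, version) pairs."""
    return {host: assess(ver) for host, ver in inventory}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    SAMPLE = [
        ("xsp-01.example.test", "23.0.1075.ap385341"),
        ("xsp-02.example.test", "23.0.1075.ap385000"),
        ("adp-01.example.test", "2023.06_1.333"),
        ("adp-02.example.test", "2023.05_1.400"),
        ("xsp-legacy.example.test", "22.0.1071.ap380000"),
    ]
    for host, result in assess_inventory(SAMPLE).items():
        print(f"{host:26} {result}")
```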

Indicators of Compromise

No specific Indicators of Compromise (IoCs) are available currently.

Threat Landscape

Cisco holds a significant share of the enterprise network infrastructure market. Because threat actors generally weigh both the probability of success and the value of the asset when choosing which attack surfaces to focus on, Cisco products have become a prime target. As Cisco products are integral to business operations, threat actors will continue to exploit vulnerabilities in them in an attempt to extract the sensitive data they hold.

Threat Group

No attribution to specific threat actors or groups has been identified at the time of writing.

Mitre Methodologies

Common Weakness Enumeration (CWE):

CWE-287 – Improper Authentication

Further Information

Cisco Advisory
