Critical authentication bypass vulnerability discovered in Cisco BroadWorks
Target Industry
Indiscriminate, opportunistic targeting.
Overview
A critical vulnerability affecting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform has been disclosed. Cisco BroadWorks is a cloud communication services platform. The flaw, tracked as CVE-2023-20238 (CVSSv3 score: 10.0), could allow threat actors to bypass authentication on impacted products.
Impact
Successful exploitation of CVE-2023-20238 could allow threat actors to execute commands, modify user settings and ultimately compromise the integrity of data.
Incident Detection
Cisco has released a security update for the product versions affected by the security flaw. Versions that predate the update are therefore vulnerable to potential exploitation.
Affected Products
CVE-2023-20238 impacts the Cisco Application Delivery and BroadWorks Xtended Services platforms, provided that at least one of the following applications is active:
- AuthenticationService
- BWCallCenter
- BWReceptionist
- CustomMediaFilesRetrieval
- ModeratorClientApp
- PublicECLQuery
- PublicReporting
- UCAPI
- Xsi-Actions
- Xsi-Events
- Xsi-MMTel
- Xsi-VTR
Containment, Mitigations & Remediations
It is strongly recommended that users of the affected Cisco products apply the following updates as soon as possible:
- Version 23.0.1075.ap385341 for users of the 23.0 branch
- Versions 2023.06_1.333 or 2023.07_1.332 for users of the release independent (RI) edition.
CVE-2023-20238 also affects the 22.0 branch; however, Cisco has stated that no security update will be released for that version. Users of this branch are recommended to migrate to a remediated product version.
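The following added example (not Cisco's or this advisory's own tooling) triages an asset inventory against the affected application list and the fixed versions given above. The inventory records, hostnames and status labels are constructed. It assumes that release independent versions order by year, month and build within a train, that trains after the newest listed one include the fix, and that on the 23.0 branch only an exact match with the listed version counts as remediated.

```python
import re

# Application names and fixed versions are copied from the advisory text.
AFFECTED_APPS = {
    "AuthenticationService", "BWCallCenter", "BWReceptionist",
    "CustomMediaFilesRetrieval", "ModeratorClientApp", "PublicECLQuery",
    "PublicReporting", "UCAPI", "Xsi-Actions", "Xsi-Events", "Xsi-MMTel",
    "Xsi-VTR",
}
FIXED_23_0 = "23.0.1075.ap385341"
FIXED_RI = {(2023, 6): (1, 333), (2023, 7): (1, 332)}
RI_PATTERN = re.compile(r"^(\d{4})\.(\d{2})_(\d+)\.(\d+)$")

def triage(version, active_apps):
    """Return (status, exposed_apps) for one inventory record."""
    exposed = sorted(AFFECTED_APPS & set(active_apps))
    if not exposed:
        return "not_exposed", exposed      # none of the listed applications is active
    if version.startswith("22.0."):
        return "migrate", exposed          # no fix will be released for 22.0
    if version.startswith("23.0."):
        # Assumption: only an exact match with the listed release counts as fixed.
        return ("remediated" if version == FIXED_23_0 else "update"), exposed
    m = RI_PATTERN.match(version)
    if not m:
        return "review", exposed           # unrecognised version string
    year, month, major, build = map(int, m.groups())
    train = (year, month)
    if train in FIXED_RI:
        fixed = (major, build) >= FIXED_RI[train]
        return ("remediated" if fixed else "update"), exposed
    # Assumption: trains after the newest listed one include the fix.
    return ("remediated" if train > max(FIXED_RI) else "update"), exposed

# Constructed inventory: (hostname, version, active applications).
INVENTORY = [
    ("xsp-a.example", "23.0.1075.ap385341", ["Xsi-Actions", "Xsi-Events"]),
    ("xsp-b.example", "22.0.1123", ["BWReceptionist"]),
    ("adp-c.example", "2023.06_1.320", ["AuthenticationService", "UCAPI"]),
    ("adp-d.example", "2023.07_1.332", ["PublicReporting"]),
    ("adp-e.example", "2023.05_1.400", ["InternalApp"]),
]

def report(inventory=INVENTORY):
    return {host: triage(ver, apps)[0] for host, ver, apps in inventory}

if __name__ == "__main__":
    for host, status in report().items():
        print(f"{host:15} {status}")
```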
Indicators of Compromise
No specific Indicators of Compromise (IoCs) are available currently.
Threat Landscape
Cisco occupies a significant proportion of the enterprise network infrastructure market share. Given that threat actors generally utilise a combination of probability and asset value to determine which attack surfaces to focus on, Cisco products have emerged as a prime target. Because Cisco products have become an integral aspect of business operations, threat actors will continue to exploit vulnerabilities within them in an attempt to extract the sensitive data they hold.
Threat Group
No attribution to specific threat actors or groups has been identified at the time of writing.
MITRE Methodologies
Common Weakness Enumeration (CWE):
CWE-287 – Improper Authentication