Critical Vulnerability in Cisco BroadWorks
Published on 08 Sep 2023
Cisco has released security updates to address a vulnerability (CVE-2023-20238) affecting Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform components. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10.0 out of 10.0.
This vulnerability affects Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform if users are running a vulnerable release of Cisco BroadWorks and have one of the following applications enabled:
Users and administrators of affected product versions are advised to update to the latest versions immediately:
This vulnerability affects Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform if users are running a vulnerable release of Cisco BroadWorks and have one of the following applications enabled:
- AuthenticationService
- BWCallCenter
- BWReceptionist
- CustomMediaFilesRetrieval
- ModeratorClientApp
- PublicECLQuery
- PublicReporting
- UCAPI
- Xsi-Actions
- Xsi-Events
- Xsi-MMTel
- Xsi-VTR
Users and administrators of affected product versions are advised to update to the latest versions immediately:
- 22.0 and earlier: Migrate to a fixed release
- 23.0: AP.platform.23.0.1075.ap385341
- Release Independent (RI): 2023.06_1.333 and 2023.07_1.332
More information is available here:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX
https://www.bleepingcomputer.com/news/security/cisco-broadworks-impacted-by-critical-authentication-bypass-flaw/
