Skip to main content

Government officials will never ask you to transfer money or disclose bank log-in details over a phone call.

Call the 24/7 ScamShield Helpline at 1799 if you are unsure if something is a scam.

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. Critical Vulnerability in Cisco BroadWorks
Alerts

Critical Vulnerability in Cisco BroadWorks

8 September 2023

Cisco has released security updates to address a vulnerability (CVE-2023-20238) affecting Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform components. The vulnerability has a Common Vulnerability Scoring System (CVSSv3) score of 10.0 out of 10.0.

This vulnerability affects Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform if users are running a vulnerable release of Cisco BroadWorks and have one of the following applications enabled:

  • AuthenticationService

  • BWCallCenter

  • BWReceptionist

  • CustomMediaFilesRetrieval

  • ModeratorClientApp

  • PublicECLQuery

  • PublicReporting

  • UCAPI

  • Xsi-Actions

  • Xsi-Events

  • Xsi-MMTel

  • Xsi-VTR

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code, access confidential data, alter user settings and commit toll fraud.

Users and administrators of affected product versions are advised to update to the latest versions immediately:

  • 22.0 and earlier: Migrate to a fixed release

  • 23.0: AP.platform.23.0.1075.ap385341

  • Release Independent (RI): 2023.06_1.333 and 2023.07_1.332

More information is available here:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX
https://www.bleepingcomputer.com/news/security/cisco-broadworks-impacted-by-critical-authentication-bypass-flaw/


Back to top