Cisco BroadWorks impacted by critical authentication bypass flaw

2023-09-07 20:10

A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication.

Cisco BroadWorks is a cloud communication services platform for businesses and consumers, while the two mentioned components are used for app management and integration.

The flaw, discovered internally by Cisco security engineers, is tracked as CVE-2023-20238 and rated with a maximum CVSS score of 10.0.

One prerequisite to exploiting the flaw is to have a valid user ID linked to the targeted Cisco BroadWorks system.

Cisco SD-WAN vManage impacted by unauthenticated REST API access.

VMware Aria vulnerable to critical SSH authentication bypass flaw.

News URL

https://www.bleepingcomputer.com/news/security/cisco-broadworks-impacted-by-critical-authentication-bypass-flaw/

#authentication #bypass #cisco #critical #CVE-2023-20238

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2023-09-06	CVE-2023-20238	Unspecified vulnerability in Cisco products A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. network low complexity cisco critical	9.8

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Cisco		4448	231	3066	1825	609	5731

News URL

Related news

Related Vulnerability

Related vendor