Security News > 2023 > September > Cisco Issues Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

It's described as an authentication bypass flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform.

"If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system."

Also resolved by Cisco is a high-severity flaw in the RADIUS message processing feature of Cisco Identity Services Engine that could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.

"A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service."

The vulnerability has been fixed in Junos OS 23.4R1 and Junos OS Evolved 23.4R1-EVO. In a related development, CERT Coordination Center detailed an unpatched authentication bypass vulnerability in Tenda's N300 Wireless N VDSL2 Modem Router that could allows a remote, unauthenticated user to access sensitive information via a specially crafted request.

"An unauthenticated attacker could thereby gain access to sensitive information, such as the Administrative password, which could be used to launch additional attacks."

News URL

https://thehackernews.com/2023/09/cisco-issues-urgent-fix-for.html