Two Cisco BroadWorks services have been hit by a serious vulnerability. It allows hackers to gain access to a system.
The vulnerability known as CVE-2023-20238 has received the maximum CVSS score of 10.0, demonstrating its high severity. Attackers can remotely forge login credentials to bypass authentication on BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform.
Both are applications of the BroadWorks cloud communications services platform and are used for application management and integration.
Impact of vulnerability
Misuse of the vulnerability by falsifying login credentials and obtaining admin privileges can lead to unattended command execution, access to confidential information, changing user settings and fraud via high volumes of calls.
Services are affected by the vulnerability if certain applications are actively running on them. These applications are: AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel and Xsi-VTR.
Other components in the BroadWorks portfolio are not affected by the vulnerability.
Quick updates desired
The vulnerability may be mitigated by the fact that hackers need a valid user ID before they can attack a BroadWorks system. In addition, no active misuse of CVE-2023-20238 has reportedly been observed yet.
Nevertheless, Cisco recommends that users of the 23.0 version make haste in upgrading their services to AP.platform.23.0.1075.ap385341. Users of the RI edition should quickly update to Ap.platform.2023.06_1.333 or 2023.07_1.332. Cisco is not making workarounds available.