
Warning: Critical authentication bypass vulnerability in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform

Reference: Advisory #2023-106
Version: 1.0
Affected software: Cisco BroadWorks Application Delivery Platform and Xtended Services Platform
Type: Authentication bypass vulnerability
CVE/CVSS: CVE-2023-20238 AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Sources

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdv...

Risks

CVE-2023-20238 is a critical authentication bypass in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform that could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.
An attacker could exploit this vulnerability by using forged credentials to authenticate to the application. The attacker could then execute commands at the level of the forged account.
The impact on data confidentiality, integrity and service availability is high.

Description

On the 6th of September Cisco published a security advisory for CVE-2023-20238.
This vulnerability is due to the method that is used to validate tokens. It allows a remote, unauthenticated attacker to forge credentials and use them to authenticate to the application.
Once the vulnerability is successfully exploited, the attacker gains the same privileges as the forged account.
One requirement to exploit this vulnerability is having a valid user ID that is associated with an affected Cisco BroadWorks system.
 
Vulnerable software
If you have a vulnerable version of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform and one of the services below is running, the vulnerability can be exploited.
  • AuthenticationService
  • BWCallCenter
  • BWReceptionist
  • CustomMediaFilesRetrieval
  • ModeratorClientApp
  • PublicECLQuery
  • PublicReporting
  • UCAPI
  • Xsi-Actions
  • Xsi-Events
  • Xsi-MMTel
  • Xsi-VTR
Vulnerable version
Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform:
  • version 22.0 and earlier
  • version 23.0
  • release independent

 

Recommended Actions

The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions:
 
Update
 
Mitigate/workaround
No specific mitigations or workaround provided by Cisco.
 
Monitor/Detect
The CCB recommends that organizations upscale their monitoring and detection capabilities to detect any related suspicious activity, ensuring a fast response in case of an intrusion. While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise. When applying patches to systems that have been vulnerable to an authentication bypass, a proactive threat assessment should be performed to verify that the device was not accessed from an unknown IP or location.
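
One way to run the check described above over web access logs, as an added example that is not part of the CCB advisory or of Cisco's guidance: it flags requests to the listed services that come from addresses outside the networks you expect. The combined log format, the assumption that the service name appears in the request path, the function name and the sample lines are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Service names exactly as listed under "Vulnerable software".
SERVICES = ["AuthenticationService", "BWCallCenter", "BWReceptionist",
            "CustomMediaFilesRetrieval", "ModeratorClientApp", "PublicECLQuery",
            "PublicReporting", "UCAPI", "Xsi-Actions", "Xsi-Events",
            "Xsi-MMTel", "Xsi-VTR"]

# Assumption: a web front end writes combined-format access logs and the
# service name appears in the request path. Adjust to your deployment.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+)[^"]*" (?P<status>\d{3})')

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Sep/2023:10:00:01 +0000] "GET /Xsi-Actions/example HTTP/1.1" 200 512',
    '203.0.113.45 - - [06/Sep/2023:10:02:11 +0000] "POST /AuthenticationService/example HTTP/1.1" 200 128',
    '203.0.113.45 - - [06/Sep/2023:10:02:15 +0000] "GET /Xsi-Events/example HTTP/1.1" 200 2048',
    '198.51.100.7 - - [06/Sep/2023:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 900',
    'garbage line without the expected fields',
]

def unknown_source_hits(lines, known_networks):
    """Map each source IP outside known_networks to its listed-service requests."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line
        path = m["path"].lower()
        service = next((s for s in SERVICES if s.lower() in path), None)
        if service is None:
            continue  # not one of the listed services
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # hostname or garbage in the client field
        if any(ip in net for net in nets):
            continue  # expected source
        hits[str(ip)].append((m["ts"], service, int(m["status"])))
    return dict(hits)

if __name__ == "__main__":
    for ip, reqs in unknown_source_hits(SAMPLE_LOG, ["192.0.2.0/24"]).items():
        for ts, service, status in reqs:
            print(f"{ip} {ts} {service} status={status}")
```

Run it over logs covering the whole period during which the system was unpatched, and review every flagged address against the accounts it touched.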