Cisco on Wednesday announced patches for a critical-severity vulnerability in the BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform.
Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks calling and collaboration platform was identified in the single sign-on (SSO) implementation and could be exploited by remote, unauthenticated attackers to forge credentials and access affected systems.
“This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account,” Cisco explains in an advisory.
The tech giant notes that the attacker would need a valid user ID associated with the affected BroadWorks system to exploit the flaw. Despite this condition, the vulnerability has a CVSS score of 10.0.
The issue, Cisco says, impacts affected BroadWorks releases running AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, or Xsi-VTR.
Cisco BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform version AP.platform.23.0.1075.ap385341 resolves the vulnerability. Cisco also announced independent releases 2023.06_1.333 and 2023.07_1.332 that contain the necessary patches.
On Wednesday, Cisco also released patches for a high-severity denial-of-service (DoS) vulnerability in the Identity Services Engine (ISE).
Tracked as CVE-2023-20243, the issue exists because certain RADIUS accounting requests are not handled properly. An attacker sending crafted requests to a network access device that uses Cisco ISE directly could cause the RADIUS process to restart, denying user access to the network or service.
The vulnerability impacts Cisco ISE versions 3.1 and 3.2 only and was addressed with the release of Cisco ISE versions 3.1P7 and 3.2P3.
The tech giant says it is not aware of any of these vulnerabilities being exploited in malicious attacks.
Additional information can be found on Cisco’s product security page.