A severe vulnerability has been discovered in the Cisco BroadWorks Application Delivery Platform and the Cisco BroadWorks Xtended Services Platform, which could allow remote attackers to forge credentials and bypass authentication. The affected platforms are components of Cisco BroadWorks, a platform that provides cloud communication services for businesses and consumers.
The vulnerability, designated as CVE-2023-20238, was found by Cisco's internal security engineers. It has been assigned the maximum CVSS score of 10.0, indicating its critical severity. Threat actors exploiting this vulnerability could execute commands, access sensitive data, modify user settings, and even commit toll fraud.
The flaw affects the BroadWorks Application Delivery Platform and the BroadWorks Xtended Services Platform if certain applications are active. However, it does not impact any other BroadWorks components, so users of other products are not required to take any action.
As detailed in Cisco's security advisory, 'This vulnerability is due to the method used to validate SSO (single sign-on) tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials.' What the attacker can do after exploitation depends on the privilege level of the forged account; a forged account with 'administrator' privileges is the most severe scenario.
However, to exploit the flaw, the attacker must have a valid user ID associated with the targeted Cisco BroadWorks system. This requirement narrows the pool of potential attackers but does not eliminate the risk, so the threat remains significant.
Cisco has not provided any workarounds for this flaw. The advised remedy is therefore to update: users of the 23.0 branch and the release independent (RI) edition should move to the fixed versions named in the advisory. The vulnerability also affects the 22.0 branch, but no security update will be released for that version; its users are instead advised to migrate to a fixed release.
As of now, there have been no reports of active exploitation of CVE-2023-20238 in the wild. However, system administrators are strongly advised to apply the available updates as soon as possible.