Warning: Critical authentication bypass vulnerability in Cisco BroadWorks Application Delivery Platform and Xtended Services Platform
Cisco BroadWorks Application Delivery Platform and Xtended Services Platform
Authentication bypass vulnerability
CVE-2023-20238 is a critical authentication bypass in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform that could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.
An attacker could exploit this vulnerability by using forged credentials to authenticate to the application. The attacker could then execute commands at the level of the forged account.
The impact on data confidentiality, integrity and service availability is high.
On the 6th of September Cisco published a security advisory for CVE-2023-20238.
This vulnerability is due to the method that is used to validate tokens. It allows a remote, unauthenticated attacker to forge credentials and use them to authenticate to the application.
After successful exploitation, the attacker has the same privileges as the forged account.
One requirement to exploit this vulnerability is having a valid user ID that is associated with an affected Cisco BroadWorks system.
If you have a vulnerable version of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform and one of the services below is running, the vulnerability can be exploited.
Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform:
- version 22.0 and earlier
- version 23.0
- release independent
The Centre for Cyber Security Belgium strongly recommends that system administrators take the following actions:
Install the patches released by Cisco: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdv...
Cisco has not provided any specific mitigations or workarounds.
The CCB recommends that organizations scale up monitoring and detection capabilities to detect any related suspicious activity, ensuring a fast response in case of an intrusion. While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise. When applying patches to systems that have been vulnerable to an authentication bypass, a proactive threat assessment should be performed to verify the device was not accessed from an unknown IP or location.
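One way to run the review described above, as an added example that is not part of the original advisory and is not Cisco or CCB code: it lists successful logins made before the patch time from source IPs outside the organization's known networks. The log format, network ranges, patch time and function names are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample records in a hypothetical normalized format
# (timestamp, user ID, source IP, result); not BroadWorks' own log format.
SAMPLE_LOG = """\
2023-08-28T07:58:10Z user=alice@example.com src=10.20.4.17 result=SUCCESS
2023-08-30T02:14:51Z user=alice@example.com src=203.0.113.45 result=SUCCESS
2023-08-30T02:16:03Z user=alice@example.com src=203.0.113.45 result=SUCCESS
2023-09-01T11:40:22Z user=bob@example.com src=198.51.100.7 result=FAILURE
2023-09-02T09:05:00Z user=bob@example.com src=192.0.2.130 result=SUCCESS
2023-09-03T23:47:19Z user=carol@example.com src=2001:db8:ffff::9 result=SUCCESS
corrupted line without fields
2023-09-20T10:00:00Z user=carol@example.com src=203.0.113.99 result=SUCCESS
"""

# Assumed values: networks logins are expected from, and when the patch went in.
KNOWN_NETWORKS = ["10.20.0.0/16", "192.0.2.128/25", "2001:db8:1::/48"]
PATCHED_AT = "2023-09-10T00:00:00Z"

def parse_ts(text):
    return datetime.fromisoformat(text.replace("Z", "+00:00"))

def unknown_source_logins(log_text, known_networks, patched_at):
    """Group successful pre-patch logins from unknown IPs by (user, source IP)."""
    nets = [ipaddress.ip_network(n) for n in known_networks]
    cutoff = parse_ts(patched_at)
    findings = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    skipped = 0
    for line in log_text.splitlines():
        try:
            ts_text, *pairs = line.split()
            fields = dict(p.split("=", 1) for p in pairs)
            ts = parse_ts(ts_text)
            ip = ipaddress.ip_address(fields["src"])
            user, result = fields["user"], fields["result"]
        except (ValueError, KeyError):
            skipped += 1  # counted so unparsed lines can be reviewed by hand
            continue
        if result != "SUCCESS" or ts >= cutoff:
            continue  # only successful logins during the exposure window
        if any(ip in n for n in nets):
            continue  # source address is inside a known network
        f = findings[(user, str(ip))]
        f["count"] += 1
        f["first"] = ts if f["first"] is None else min(f["first"], ts)
        f["last"] = ts if f["last"] is None else max(f["last"], ts)
    return dict(findings), skipped
```

Each returned entry is a user ID and source address to check against the account owner's actual activity; a non-zero skipped count means some records were not evaluated.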