A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication.
Cisco BroadWorks is a cloud communication services platform for businesses and consumers, while the two mentioned components are used for app management and integration.
The flaw, discovered internally by Cisco security engineers, is tracked as CVE-2023-20238 and rated with a maximum CVSS score of 10.0 (critical).
By exploiting the flaw, threat actors can freely execute commands, access confidential data, alter user settings, and commit toll fraud.
The vulnerability affects the Cisco BroadWorks Application Delivery Platform and the Cisco BroadWorks Xtended Services Platform if one of the following applications is active on them:
- AuthenticationService
- BWCallCenter
- BWReceptionist
- CustomMediaFilesRetrieval
- ModeratorClientApp
- PublicECLQuery
- PublicReporting
- UCAPI
- Xsi-Actions
- Xsi-Events
- Xsi-MMTel
- Xsi-VTR
CVE-2023-20238 does not impact any other BroadWorks components apart from the two mentioned in the advisory, so users of other products do not need to take any action.
“This vulnerability is due to the method used to validate SSO (single sign-on) tokens,” reads Cisco’s security advisory.
“An attacker could exploit this vulnerability by authenticating to the application with forged credentials.”
The capabilities given to the attacker post-exploitation depend on the privilege level of the forged account, with “administrator” accounts being the worst possible scenario.
However, one prerequisite to exploiting the flaw is to have a valid user ID linked to the targeted Cisco BroadWorks system.
This condition might reduce the number of potential attackers who can exploit CVE-2023-20238, but it doesn’t mitigate the problem, so the risk remains severe.
Cisco has provided no workarounds for this flaw, so the recommended solution is to update to a fixed release: AP.platform.23.0.1075.ap385341 for users of the 23.0 branch, and 2023.06_1.333 or 2023.07_1.332 for users of the release independent (RI) edition.
CVE-2023-20238 also impacts users of the 22.0 branch, but Cisco will not be releasing a security update for that version, so the suggested response for users of the older version is to migrate to a fixed release.
Currently, there are no reports of active exploitation of CVE-2023-20238 in the wild, but system admins should apply the available updates as soon as possible nonetheless.