CVE-2023-20216: Improper Privilege Management in Cisco Broadworks Application Delivery Platform

Severity
NVD: 7.8 HIGH
CNA: 4.4
EPSS
0.0% (top 98.47%)
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 3
Latest update: Aug 4

Description

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages: 13 packages

🔴 Vulnerability Details (2)

GHSA
GHSA-cqj5-c26p-jcv4 (2023-08-04): A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate
CVEList
CVE-2023-20216 (2023-08-03): A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate

📋 Vendor Advisories (1)

Cisco
Cisco BroadWorks Privilege Escalation Vulnerability (2023-07-19)
CVE-2023-20216 — Improper Privilege Management in Cisco | cvebase