CVE-2023-20238
Published 2023-09-06
Priority: P275 · critical · CVSS 3.1: 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 15.32% (96.4th percentile)
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.
This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.
Affected
598 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cisco | broadworks_application_delivery_platform | — | — |
| cisco | broadworks_application_delivery_platform | — | — |
| cisco | broadworks_application_delivery_platform_and_xtended_services_platform | — | — |
| cisco | broadworks_xtended_services_platform | < 23.0.1075.ap384245 | 23.0.1075.ap384245 |
| cisco | broadworks_xtended_services_platform | — | — |
| cisco | broadworks_xtended_services_platform | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
| cisco | cisco_broadworks | — | — |
Detection & IOCs (extracted from sources)
- Exploitation requires authenticating to the application with forged SSO credentials; monitor for authentication events using tokens not issued by the legitimate identity provider, especially from accounts with no prior login history.
- Attacker must supply a valid user ID associated with the targeted BroadWorks system; monitor for successful SSO authentications originating from unexpected or external IP addresses, particularly for privileged/Administrator accounts.
- Post-exploitation indicators include unexpected toll fraud activity, unauthorized configuration changes to customer or user settings, and command execution under Administrator privilege level; correlate BroadWorks admin audit logs for anomalous changes.
- Only Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform are affected; no other BroadWorks components are in scope.
- The 22.0 branch will NOT receive a security patch; operators on that version must migrate to a fixed release rather than patch in place.
- Fixed versions are AP.platform.23.0.1075.ap385341 (23.0 branch) and 2023.06_1.333 or 2023.07_1.332 (Release Independent edition); there are no workarounds.
- There are no workarounds available for this vulnerability; patching or migration is the only remediation path.
CVSS provenance
- nvd · v3.1 · 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- vendor_cisco · 10.0 CRITICAL
Cisco
Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Authentication Bypass Vulnerability
vendor_cisco·2023-09-06·CVSS 10.0
CVE-2023-20238 [CRITICAL] CWE-287 Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Authentication Bypass Vulnerability
Cisco
Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Authentication Bypass Vulnerability
vendor_cisco·CVSS 3.1
GHSA
GHSA-mgh9-rchv-m7c2: A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Pla
ghsa_unreviewed·2023-09-06
CVE-2023-20238 [CRITICAL] CWE-287 GHSA-mgh9-rchv-m7c2: A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Pla
No detection rules found.
No public exploits indexed.
Checkpoint
11th September – Threat Intelligence Report
blogs_checkpoint·2023-09-11·CVSS 9.8
CVE-2022-47966 [CRITICAL] 11th September – Threat Intelligence Report
## 11th September – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 11th September, please download our Threat_Intelligence Bulletin.
TOP ATTACKS AND BREACHES
Check Point warns of a recent Email phishing campaign abusing the data visualization tool – Google Looker Studio. Attackers use the tool to send slideshow emails to victims from official Google accounts, instructing them to visit 3rd party websites to collect cryptocurrency. The websites will then prompt the victims
Bleepingcomputer
Cisco BroadWorks impacted by critical authentication bypass flaw
blogs_bleepingcomputer·2023-09-07·CVSS 10.0
[CRITICAL] Cisco BroadWorks impacted by critical authentication bypass flaw
## Cisco BroadWorks impacted by critical authentication bypass flaw
## Bill Toulas
A critical vulnerability impacting the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow remote attackers to forge credentials and bypass authentication.
Cisco BroadWorks is a cloud communication services platform for businesses and consumers, while the two mentioned components are used for app management and integration.
The flaw, discovered internally by Cisco security engineers, is tracked as CVE-2023-20238 and rated with a maximum CVSS score of 10.0 (critical).
By exploiting the flaw, threat actors can freely execute commands, access confidential data, alter user settings, and commit toll fraud.
The vulnerability affects the Cisco Application
Published: 2023-09-06