CVE-2023-20238
published 2023-09-06


Priority: P2 · 75
Severity: critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 15.32% (96.4th percentile)
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.

Affected

598 ranges · showing 25

Vendor   Product                                                                   Version range            Fixed in
cisco    broadworks_application_delivery_platform                                  (not captured)           (not captured)
cisco    broadworks_application_delivery_platform                                  (not captured)           (not captured)
cisco    broadworks_application_delivery_platform_and_xtended_services_platform    (not captured)           (not captured)
cisco    broadworks_xtended_services_platform                                      < 23.0.1075.ap384245     23.0.1075.ap384245
cisco    broadworks_xtended_services_platform                                      (not captured)           (not captured)
cisco    broadworks_xtended_services_platform                                      (not captured)           (not captured)
cisco    cisco_broadworks (19 further rows)                                        (not captured)           (not captured)

Detection & IOCs (extracted from sources)

  • Exploitation requires authenticating to the application with forged SSO credentials — monitor for authentication events using tokens not issued by the legitimate identity provider, especially from accounts with no prior login history.
  • Attacker must supply a valid user ID associated with the targeted BroadWorks system — monitor for successful SSO authentications originating from unexpected or external IP addresses, particularly for privileged/Administrator accounts.
  • Post-exploitation indicators include unexpected toll fraud activity, unauthorized configuration changes to customer or user settings, and command execution under Administrator privilege level — correlate BroadWorks admin audit logs for anomalous changes.
  • Only Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform are affected; no other BroadWorks components are in scope.
  • The 22.0 branch will NOT receive a security patch; operators on that version must migrate to a fixed release rather than patch in place.
  • Fixed versions are AP.platform.23.0.1075.ap385341 (23.0 branch) and 2023.06_1.333 or 2023.07_1.332 (Release Independent edition); there are no workarounds.
  • There are no workarounds available for this vulnerability; patching or migration is the only remediation path.

CVSS provenance

NVD (CVSS v3.1): 9.8 CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor (Cisco): 10.0 CRITICAL