CVE-2023-20238
Severity
9.8 CRITICAL
EPSS
30.7%
top 3.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published Sep 6
Description
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.
This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit …
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 6.0
Affected Packages
3 packages
Vulnerability Details (2)
CVEList
CVE-2023-20238: A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Pla (2023-09-06)
GHSA
GHSA-mgh9-rchv-m7c2: A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Pla (2023-09-06)
Vendor Advisories (1)
Cisco
Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Authentication Bypass Vulnerability (2023-09-06)