Cisco Broadworks Xtended Services Platform vulnerabilities
6 known vulnerabilities affecting cisco/broadworks_xtended_services_platform.
Total CVEs
6
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2024-20270MEDIUMCVSS 5.4≥ 24.0.2023.01, < 24.0.2023.10≥ 25.0.2023.01, < 25.0.2023.10+1 more2024-01-17
CVE-2024-20270 [MEDIUM] CWE-79 CVE-2024-20270: A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platf
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface
nvd
CVE-2023-20238CRITICALCVSS 9.8fixed in 23.0.1075.ap384245v2023.06+1 more2023-09-06
CVE-2023-20238 [CRITICAL] CWE-287 CVE-2023-20238: A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery
A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.
This vulnerability is due to the method used to validate SSO tokens. An attacker c
nvd
CVE-2023-20216HIGHCVSS 7.8fixed in 23.0.2023.05fixed in 2023.052023-08-03
CVE-2023-20216 [MEDIUM] CWE-269 CVE-2023-20216: A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system.
This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the applicat
nvd
CVE-2023-20204MEDIUMCVSS 5.4fixed in 23.0.2023.082023-08-03
CVE-2023-20204 [MEDIUM] CWE-79 CVE-2023-20204: A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Soft
A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.
This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An a
nvd
CVE-2023-20020HIGHCVSS 8.6≥ 22.0, < 23.0.1075.ap3842452023-01-20
CVE-2023-20020 [HIGH] CWE-835 CVE-2023-20020: A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Deliver
A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper input validation when parsing HTTP reques
nvd
CVE-2023-20019MEDIUMCVSS 6.1fixed in ap.xsp.23.0.1075.ap3843442023-01-20
CVE-2023-20019 [MEDIUM] CWE-79 CVE-2023-20019: A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platf
A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device.
This vulnerab
nvd