Cisco addresses a critical vulnerability in the BroadWorks platform

Cisco recently announced the release of patches needed to address a critical vulnerability affecting the BroadWorks platform. This vulnerability, identified as CVE-2023-20238, affects the Single Sign-On (SSO) authentication system and can be exploited by remote, unauthenticated attackers to gain improper access to affected systems. By exploiting this flaw, an attacker could spoof login credentials and then commit toll fraud or access sensitive information that can compromise systems security.

The affected versions and available solutions

The vulnerability in question affects versions of BroadWorks that use the following services: AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, or Xsi-VTR. However, to take advantage of it, you need a valid user ID associated with the BroadWorks system of interest. Cisco has submitted the necessary patches, which are included in version AP.platform.23.0.1075.ap385341 of BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Additionally, standalone versions 2023.06_1.333 and 2023.07_1.332 have also been released, which include the necessary fixes to resolve the vulnerability.

Another problem solved by Cisco

In addition to the BroadWorks vulnerability, Cisco also released patches to address another high-severity denial-of-service (DoS) vulnerability involving the Identity Services Engine (ISE). This vulnerability, classified as CVE-2023-20243, occurs due to an issue in the handling of RADIUS accounting requests. An attacker, by sending crafted requests to a network access device that uses Cisco ISE directly, could cause the RADIUS process to restart, preventing the user from accessing the network or services. To address this vulnerability, Cisco has released Cisco ISE versions 3.1P7 and 3.2P3 for ISE versions 3.1 and 3.2 respectively.

Actions Taken by Cisco

At the time of the announcement, Cisco emphasized that no malicious attacks have been reported exploiting these vulnerabilities. However, to ensure the security of your systems, users running affected versions of BroadWorks and Cisco ISE are strongly advised to apply newly released patches as soon as possible. Furthermore, it is essential to constantly keep your network devices updated with the latest software versions, in order to protect your systems from any security threats. Cisco will continue to monitor the situation and work to ensure the security of its products and solutions.