Cisco on Wednesday introduced patches for a critical-severity vulnerability within the BroadWorks Software Supply Platform and BroadWorks Xtended Providers Platform.
Tracked as CVE-2023-20238, the vulnerability affecting the BroadWorks calling and collaboration platform was recognized within the single sign-on (SSO) implementation and may very well be exploited by distant, unauthenticated attackers to forge credentials and entry affected programs.
“This vulnerability is because of the technique used to validate SSO tokens. An attacker may exploit this vulnerability by authenticating to the appliance with cast credentials. A profitable exploit may permit the attacker to commit toll fraud or to execute instructions on the privilege stage of the solid account,” Cisco explains in an advisory.
The tech big notes that the attacker would want a sound person ID related to the affected BroadWorks system to take advantage of the flaw. Regardless of this situation, the vulnerability has a CVSS rating of 10.0.
The problem, Cisco says, impacts affected BroadWorks releases working AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Occasions, Xsi-MMTel, or Xsi-VTR.
Cisco BroadWorks Software Supply Platform and BroadWorks Xtended Providers Platform model AP.platform.23.0.1075.ap385341 resolves the vulnerability. Cisco additionally introduced impartial releases 2023.06_1.333 and 2023.07_1.332 that include the mandatory patches.
On Wednesday, Cisco additionally launched patches for a high-severity denial-of-service (DoS) vulnerability within the Id Providers Engine (ISE).
Tracked as CVE-2023-20243, the difficulty exists as a result of sure RADIUS accounting requests will not be dealt with correctly. An attacker sending crafted requests to a community entry system that makes use of Cisco ISE instantly may trigger the RADIUS course of to restart, denying person entry to the community or service.
The vulnerability impacts Cisco ISE variations 3.1 and three.2 solely and was addressed with the discharge of Cisco ISE variations 3.1P7 and three.2P3.
The tech big says it’s not conscious of any of those vulnerabilities being exploited in malicious assaults.
Further info could be discovered on Cisco’s product security web page.