Cisco has launched security fixes to deal with a number of security flaws, together with a vital bug, that could possibly be exploited by a menace actor to take management of an affected system or trigger a denial-of service (DoS) situation.
Essentially the most extreme of the problems is CVE-2023-20238, which has the utmost CVSS severity score of 10.0. It is described as an authentication bypass flaw within the Cisco BroadWorks Utility Supply Platform and Cisco BroadWorks Xtended Providers Platform.
Profitable exploitation of the vulnerability — a weak point within the single sign-on (SSO) implementation and found throughout inner testing — may enable an unauthenticated, distant attacker to forge the credentials required to entry an affected system.
“This vulnerability is because of the methodology used to validate SSO tokens,” Cisco mentioned. “An attacker may exploit this vulnerability by authenticating to the applying with cast credentials. A profitable exploit may enable the attacker to commit toll fraud or to execute instructions on the privilege stage of the cast account.”
“If that account is an Administrator account, the attacker would have the flexibility to view confidential data, modify buyer settings, or modify settings for different customers. To use this vulnerability, the attacker would want a legitimate consumer ID that’s related to an affected Cisco BroadWorks system.”
The problem, per the corporate, impacts the 2 BroadWorks merchandise and have one of many following apps enabled: AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Occasions, Xsi-MMTel, or Xsi-VTR.
Fixes for the vulnerability can be found in model AP.platform.23.0.1075.ap385341, 2023.06_1.333, and 2023.07_1.332.
Additionally resolved by Cisco is a high-severity flaw within the RADIUS message processing function of Cisco Identification Providers Engine (CVE-2023-20243, CVSS rating: 8.6) that might enable an unauthenticated, distant attacker to trigger the affected system to cease processing RADIUS packets.
“This vulnerability is because of improper dealing with of sure RADIUS accounting requests,” Cisco mentioned. “A profitable exploit may enable the attacker to trigger the RADIUS course of to unexpectedly restart, leading to authentication or authorization timeouts and denying reliable customers entry to the community or service.”
CVE-2023-20243 impacts variations 3.1 and three.2 of Cisco Identification Providers Engine. It has been patched in variations 3.1P7 and three.2P3. Different variations of the product will not be inclined.
Rounding off the record from Cisco is an unpatched medium-severity flaw (CVE-2023-20269, CVSS rating: 5.0) in Adaptive Safety Equipment (ASA) Software program and Firepower Risk Protection (FTD) Software program that the corporate mentioned may enable an authenticated, distant attacker to determine a clientless SSL VPN session with an unauthorized consumer.
Alternatively, it may allow an unauthenticated, distant attacker to simply conduct a brute-force assault in an try to determine legitimate username and password mixtures after which use them to determine an unauthorized distant entry VPN session.
The replace follows a warning from cybersecurity agency Rapid7 final month a couple of surge in brute-force exercise geared toward Cisco ASA SSL VPN home equipment with the intention to deploy Akira and LockBit ransomware, indicating CVE-2023-20269 is being actively exploited within the wild to realize unauthorized entry.
Juniper Networks Addresses Extreme BGP Flaw with Out-of-Band Replace
The advisories come days after Juniper Networks shipped an out-of-band replace for an improper enter validation flaw within the Routing Protocol Daemon (rpd) of Junos OS and Junos OS Developed, which permits an unauthenticated, network-based attacker to trigger a DoS situation.
The vulnerability impacts a number of Border Gateway Protocol (BGP) implementations, per security researcher Ben Cartwright-Cox, who made the invention. Juniper Networks is monitoring it as CVE-2023-4481 (CVSS rating: 7.5), FRRouting as CVE-2023-38802, and OpenBSD OpenBGPd as CVE-2023-38283.
“When sure particular crafted BGP UPDATE messages are obtained over a longtime BGP session, one BGP session could also be torn down with an UPDATE message error, or the difficulty could propagate past the native system which is able to stay non-impacted, however could have an effect on a number of distant techniques,” Juniper Networks mentioned.
“This subject is exploitable remotely because the crafted UPDATE message can propagate by way of unaffected techniques and intermediate BGP audio system. Steady receipt of the crafted BGP UPDATE messages will create a sustained denial-of-service (DoS) situation for impacted units.”
Nonetheless for the assault to achieve success, a distant attacker is required to have no less than one established BGP session. The vulnerability has been fastened in Junos OS 23.4R1 and Junos OS Developed 23.4R1-EVO.
Unpatched Tenda Modem Router Vulnerability
In a associated growth, CERT Coordination Heart (CERT/CC) detailed an unpatched authentication bypass vulnerability in Tenda’s N300 Wi-fi N VDSL2 Modem Router (CVE-2023-4498) that might permits a distant, unauthenticated consumer to entry delicate data by way of a specifically crafted request.
“Profitable exploitation of this vulnerability may grant the attacker entry to pages that will in any other case require authentication,” CERT/CC mentioned. “An unauthenticated attacker may thereby achieve entry to delicate data, such because the Administrative password, which could possibly be used to launch further assaults.”
Within the absence of a security replace, it is suggested that customers disable each the distant (WAN-side) administration companies and the online interface on the WAN on any SoHo router.