A critical vulnerability has been discovered in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform. This vulnerability, tracked as CVE-2023-20238 and rated with a maximum CVSS score of 10.0, could potentially allow remote attackers to forge credentials and bypass authentication. Cisco BroadWorks is a cloud communication services platform widely used by businesses and consumers. The affected components, the Application Delivery Platform and Xtended Services Platform, are crucial for application management and integration.
Threat actors exploiting this vulnerability could execute commands, access confidential data, manipulate user settings, and engage in toll fraud. The vulnerability impacts these platforms if specific applications are active: AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, Xsi-VTR.
The vulnerability stems from the method the affected platforms use to validate single sign-on (SSO) tokens. Because that validation is flawed, an attacker can craft forged credentials and authenticate to the application as a chosen user, without knowing that user's password. The impact then depends on the privilege level of the impersonated account; forging an administrator account is the worst case. Exploitation does require a valid user ID that exists on the targeted Cisco BroadWorks system, which narrows the pool of attackers but does not eliminate the risk, since user IDs are not secrets and are often discoverable through directories, call records, or social engineering.
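To make the failure mode concrete, here is an added, generic illustration of what "forged credentials accepted because of how SSO tokens are validated" looks like in code. It is not Cisco's implementation and the page does not describe the exact defect in BroadWorks; the token format, the signing key and the claim names are assumptions for the example. The weak validator checks only that a token is well-formed and trusts the user ID it carries, so anyone who knows a valid user ID can mint an "admin" token; the hardened validator recomputes the HMAC, compares it in constant time, and enforces expiry before trusting any claim.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed key for this example only; a real service loads it from a key store.
SERVER_KEY = b"example-signing-key-do-not-use"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, role: str, key: bytes = SERVER_KEY,
                ttl: int = 300, now: Optional[int] = None) -> str:
    """Issue an SSO token of the form base64(payload).base64(HMAC-SHA256(payload))."""
    now = int(time.time()) if now is None else now
    payload = json.dumps({"sub": user_id, "role": role, "exp": now + ttl},
                         sort_keys=True).encode()
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(mac)


def validate_weak(token: str) -> Optional[dict]:
    """Insecure validator: checks the token's shape and that a signature field is
    present, then trusts the embedded claims without verifying the signature."""
    try:
        payload_b64, mac_b64 = token.split(".", 1)
        claims = json.loads(_b64d(payload_b64))
    except ValueError:  # includes binascii.Error, JSONDecodeError, UnicodeDecodeError
        return None
    if not claims.get("sub") or not mac_b64:
        return None
    return claims


def validate_strong(token: str, key: bytes = SERVER_KEY,
                    now: Optional[int] = None) -> Optional[dict]:
    """Hardened validator: recompute the MAC over the exact payload bytes, compare
    in constant time, then enforce expiry and required claims."""
    now = int(time.time()) if now is None else now
    try:
        payload_b64, mac_b64 = token.split(".", 1)
        payload = _b64d(payload_b64)
        presented = _b64d(mac_b64)
    except ValueError:
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(presented, expected):
        return None
    try:
        claims = json.loads(payload)
    except ValueError:
        return None
    if not isinstance(claims, dict) or not claims.get("sub"):
        return None
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None
    return claims


def forge_token(user_id: str, role: str = "admin") -> str:
    """What an attacker holding only a known user ID can produce: a well-formed
    token carrying a chosen role and a bogus signature."""
    payload = json.dumps({"sub": user_id, "role": role, "exp": 2**31 - 1},
                         sort_keys=True).encode()
    bogus_mac = bytes(32)  # all zeros; never a valid HMAC for this key
    return _b64e(payload) + "." + _b64e(bogus_mac)


if __name__ == "__main__":
    forged = forge_token("alice")
    print("weak validator accepts forged admin token:", validate_weak(forged) is not None)
    print("strong validator accepts forged admin token:", validate_strong(forged) is not None)
```

Running the block shows the weak validator accepting the forged token for "alice" with role "admin" while the hardened one rejects it; the same pattern, a validator that trusts claims before the integrity check passes, is what lets a known user ID become a full credential.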
Cisco has released fixed software: current branches receive a patched version, and installations on older, unsupported branches must migrate to a fixed release. No workarounds are available. Because the advisory's exposure condition is that at least one of the listed applications is active, administrators should first inventory which of those applications are enabled on each Application Delivery Platform and Xtended Services Platform node and use that to prioritize patching. Although no in-the-wild exploitation had been reported at the time of the advisory, the low exploitation bar (a valid user ID and a forged token) means the available updates should be applied promptly.
The following reports contain further technical details: