On September 6th, 2023, Cisco disclosed an authentication bypass vulnerability in its Cisco BroadWorks products. This vulnerability, tracked as CVE-2023-20238, has a CVSS score of 10.0 (Critical). It allows an unauthenticated, remote attacker to forge credentials and gain unauthorized access to affected Cisco BroadWorks systems. This could enable the attacker to commit toll fraud, view confidential data, modify customer settings, and more. Users of affected Cisco BroadWorks platforms should urgently fix this vulnerability by upgrading to a patched release. In this blog post, we cover the details of CVE-2023-20238, the affected products, and how to fix CVE-2023-20238, an authentication bypass vulnerability in Cisco BroadWorks.
A Short Introduction to Cisco BroadWorks Application Delivery Platform and Xtended Services Platform
Cisco BroadWorks is a cloud-based unified communications platform that enables service providers to deliver voice, video, messaging, and collaboration services. The main components include:
- BroadWorks Application Delivery Platform – The core call control and application server platform.
- BroadWorks Xtended Services Platform – Provides value-added services like call center, receptionist, and custom applications.
BroadWorks allows easy integration with Web and mobile apps to provide a complete UCaaS solution. It is used by many telecom providers globally to deliver hosted VoIP and UC services.
Summary of CVE-2023-20238
- CVE ID: CVE-2023-20238
- CVSS Score: 10.0 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE-2023-20238 is a critical authentication bypass vulnerability affecting the single sign-on (SSO) implementation in the Cisco BroadWorks Application Delivery Platform and Xtended Services Platform. This flaw, with a severity score of 10.0, is caused by improper validation of SSO tokens.
By exploiting this vulnerability, an unauthenticated, remote attacker could forge credentials to bypass authentication and gain unauthorized access to the BroadWorks system. The attacker only needs a valid user ID on the target system to successfully exploit this flaw.
Once logged in with forged credentials, the attacker could perform unauthorized actions and access data at the privilege level of the compromised account. This enables the attacker to commit toll fraud, access and modify customer information, change the settings of other users, and even gain admin privileges by compromising an admin account.
Successful exploitation of CVE-2023-20238 results in complete compromise and remote code execution on the vulnerable BroadWorks platform. Overall, this critical authentication bypass issue allows an external attacker to fully take over the affected system without needing any credentials.
Cisco BroadWorks Products Affected by CVE-2023-20238
According to Cisco’s advisory, the following Cisco BroadWorks platforms are affected if running a vulnerable software release:
- Cisco BroadWorks Application Delivery Platform
- Cisco BroadWorks Xtended Services Platform
The vulnerability affects BroadWorks releases 22.0 and earlier. Additionally, the flaw impacts the following applications if enabled on a vulnerable BroadWorks system:
Cisco has released software updates to address this vulnerability in affected BroadWorks platforms.
To fix CVE-2023-20238, users should upgrade to the following patched releases:
- For BroadWorks Application Delivery Platform and Xtended Services Platform version 22.0 and earlier, migrate to release 23.0 or later.
- For Release Independent versions, upgrade to 2023.06_1.333 or 2023.07_1.332.
Cisco recommends upgrading to the latest available release as the only remediation measure. Administrators are advised to install the patched releases immediately to mitigate this critical remote code execution risk. There are no workarounds available.
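To apply the fix list above across an inventory, the following added example (not Cisco's code or tooling) classifies release strings against the thresholds stated in this post. The string formats are inferred from the versions quoted here, and the ordering of Release Independent builds, the treatment of trains outside 2023.06 and 2023.07, and the hostnames are assumptions.

```python
import re

# Thresholds come from the fix list in this post; everything else is an assumption.
FIXED_NUMBERED = (23, 0)  # 22.0 and earlier must migrate to 23.0 or later
FIXED_RI = {(2023, 6): (1, 333), (2023, 7): (1, 332)}  # Release Independent trains

_RI = re.compile(r"^(\d{4})\.(\d{2})_(\d+)\.(\d+)$")  # e.g. 2023.06_1.333
_NUM = re.compile(r"^(\d{1,2})\.(\d+)$")              # e.g. 22.0


def classify(release: str) -> str:
    """Return 'fixed', 'affected' or 'unknown' for one release string."""
    release = release.strip()
    m = _RI.match(release)
    if m:
        year, month, major, build = map(int, m.groups())
        train, patch = (year, month), (major, build)
        if train in FIXED_RI:
            # Assumption: builds within a train order as integer pairs.
            return "fixed" if patch >= FIXED_RI[train] else "affected"
        # Assumption: trains newer than the newest listed one carry the fix,
        # trains older than the oldest listed one do not.
        return "fixed" if train > max(FIXED_RI) else "affected"
    m = _NUM.match(release)
    if m:
        version = tuple(map(int, m.groups()))
        return "fixed" if version >= FIXED_NUMBERED else "affected"
    return "unknown"  # unparseable strings go to manual review, never guessed


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hosts by status so 'affected' and 'unknown' are handled first."""
    result = {"affected": [], "unknown": [], "fixed": []}
    for host, release in sorted(inventory.items()):
        result[classify(release)].append(host)
    return result


# Constructed inventory: hostnames and release strings are made up for the example.
SAMPLE = {
    "xsp-01": "22.0", "xsp-02": "23.0",
    "adp-01": "2023.06_1.332", "adp-02": "2023.07_1.332",
    "adp-03": "2023.05_1.400", "adp-04": "Rel_unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(f"{status:9} {', '.join(hosts) or '-'}")
```

Hosts reported as unknown should be checked by hand against Cisco's advisory rather than assumed safe.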
Upgrade planning should account for sufficient system memory, hardware compatibility, and licensing requirements. Customers can obtain the fixed releases through regular update channels if they have an active service contract. Others can contact the Cisco TAC with the advisory URL and product serial number. A proactive upgrade to the latest BroadWorks releases is highly recommended to ensure protection against attacks exploiting this vulnerability. Staying up-to-date with security fixes for critical flaws is crucial for secure operations.