iTnews Asia

Cisco SSO authentication bug patched

BroadWorks platforms vulnerable.

By Richard Chirgwin on Sep 7, 2023 3:23PM

Cisco has announced patches for a critical credential forgery bug in some of its BroadWorks platforms.

The networking vendor said CVE-2023-20238 affects the single sign-on implementation used by its BroadWorks Xtended Services platform and BroadWorks application delivery platform.

The bug “could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system”, the advisory stated.

An attacker using a valid user ID to authenticate with forged credentials could commit toll fraud, the advisory said, or “execute commands at the privilege level of the forged account” – all the way up to administrator level.

At that level, “the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users.”

The two BroadWorks platforms are affected if they have any of the following applications enabled: AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, or Xsi-VTR, Cisco said.

Users of BroadWorks Application Delivery and Xtended Services version 22 or below need to migrate to a fixed release; a patch is available for users on version 23 branches.

In a separate advisory, Cisco also announced a high-severity denial-of-service bug in its Identity Services Engine (ISE), CVE-2023-20243.

The ISE’s RADIUS message processor, present in a number of network access devices, can be crashed with a crafted packet.

Another four less severe bugs were patched in Cisco’s latest cycle.
