THREATINT
PUBLISHED

CVE-2023-20238



Description

A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.

Reserved 2022-10-27 | Published 2023-09-06 | Updated 2024-10-23 | Assigner cisco


CRITICAL: 10.0 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Problem types

Improper Authentication

Product status

23.0
affected

23.0 ap383785
affected

23.0 ap382487
affected

23.0 ap381781
affected

23.0 ap360007
affected

23.0 ap369295
affected

23.0 ap366358
affected

23.0 ap366677
affected

23.0 ap366803
affected

23.0 ap363128
affected

23.0 ap369529
affected

23.0 ap368445
affected

23.0 ap369227
affected

23.0 ap367332
affected

23.0 ap369881
affected

23.0 ap367874
affected

23.0 ap367974
affected

23.0 ap367998
affected

23.0 ap372337
affected

23.0 ap372706
affected

23.0 ap370193
affected

23.0 ap372389
affected

23.0 ap372708
affected

23.0 ap370911
affected

23.0 ap371681
affected

23.0 ap370952
affected

23.0 ap371436
affected

23.0 ap371155
affected

23.0 ap371682
affected

23.0 ap371775
affected

23.0 ap375449
affected

23.0 ap375720
affected

23.0 ap375661
affected

23.0 ap375097
affected

23.0 ap373562
affected

23.0 ap373015
affected

23.0 ap374971
affected

23.0 ap373034
affected

23.0 ap374324
affected

23.0 ap373899
affected

23.0 ap376041
affected

23.0 ap375003
affected

23.0 ap373539
affected

23.0 ap376179
affected

23.0 ap373299
affected

23.0 ap375908
affected

23.0 ap373391
affected

23.0 ap376252
affected

23.0 ap376429
affected

23.0 ap376410
affected

23.0 ap376426
affected

23.0 ap376485
affected

23.0 ap376620
affected

23.0 ap378025
affected

23.0 ap376671
affected

23.0 ap376614
affected

23.0 ap377578
affected

23.0 ap377516
affected

23.0 ap377515
affected

23.0 ap377494
affected

23.0 ap377984
affected

23.0 ap378863
affected

23.0 ap378882
affected

23.0 ap378218
affected

23.0 ap380161
affected

23.0 ap378257
affected

23.0 ap379888
affected

23.0 ap379326
affected

23.0 ap377149
affected

23.0 ap380446
affected

23.0 ap380180
affected

23.0 ap376935
affected

23.0 ap380473
affected

23.0 ap381091
affected

23.0 ap380783
affected

23.0 ap380537
affected

23.0 ap380512
affected

23.0 ap381072
affected

23.0 ap381584
affected

23.0 ap381088
affected

23.0 ap382053
affected

23.0 ap382253
affected

23.0 ap382709
affected

23.0 ap382717
affected

23.0 ap381498
affected

23.0 ap382992
affected

23.0 ap383594
affected

23.0 ap383168
affected

23.0 ap382362
affected

23.0 ap384431
affected

23.0 ap384428
affected

22.0
affected

22.0 ap375345
affected

22.0 ap382358
affected

22.0 ap347741
affected

22.0 ap377577
affected

22.0 ap372243
affected

22.0 ap372504
affected

22.0 ap360116
affected

22.0 ap368125
affected

22.0 ap367732
affected

22.0 ap357506
affected

22.0 ap380486
affected

22.0 ap379780
affected

22.0 ap351263
affected

22.0 ap366916
affected

22.0 ap363363
affected

22.0 ap374507
affected

22.0 ap372845
affected

22.0 ap373684
affected

22.0 ap366898
affected

22.0 ap368180
affected

22.0 ap366882
affected

22.0 ap369774
affected

22.0 ap374269
affected

22.0 ap365223
affected

22.0 ap359972
affected

22.0 ap359433
affected

22.0 ap359991
affected

22.0 ap358357
affected

22.0 ap360244
affected

22.0 ap369931
affected

22.0 ap367874
affected

22.0 ap376710
affected

22.0 ap342836
affected

22.0 ap346307
affected

22.0 ap345032
affected

22.0 ap354070
affected

22.0 ap354069
affected

22.0 ap353915
affected

22.0 ap349201
affected

22.0 ap350217
affected

22.0 ap350179
affected

22.0 ap354313
affected

22.0 ap354098
affected

22.0 ap353975
affected

22.0 ap348945
affected

22.0 ap354090
affected

22.0 ap350573
affected

22.0 ap352516
affected

22.0 ap352109
affected

22.0 ap353384
affected

22.0 ap353490
affected

22.0 ap352962
affected

22.0 ap352703
affected

22.0 ap353418
affected

22.0 ap351700
affected

22.0 ap352205
affected

22.0 ap353360
affected

22.0 ap352932
affected

22.0 ap354921
affected

22.0 ap352726
affected

22.0 ap355757
affected

22.0 ap352972
affected

22.0 ap353577
affected

22.0 ap356603
affected

22.0 ap355894
affected

22.0 ap355385
affected

22.0 ap353311
affected

22.0 ap355300
affected

22.0 ap355083
affected

22.0 ap357047
affected

22.0 ap353681
affected

22.0 ap356848
affected

22.0 ap356706
affected

22.0 ap356474
affected

22.0 ap355091
affected

22.0 ap354785
affected

22.0 ap355905
affected

22.0 ap355365
affected

22.0 ap356359
affected

22.0 ap356434
affected

22.0 ap354936
affected

22.0 ap355285
affected

22.0 ap355674
affected

22.0 ap355922
affected

22.0 ap354597
affected

22.0 ap356458
affected

22.0 ap356140
affected

22.0 ap354413
affected

22.0 ap357400
affected

22.0 ap357632
affected

22.0 ap356390
affected

22.0 ap357607
affected

22.0 ap357447
affected

22.0 ap357560
affected

22.0 ap357645
affected

22.0 ap357768
affected

22.0 ap357859
affected

22.0 ap357769
affected

22.0 ap358469
affected

22.0 ap359049
affected

22.0 ap358971
affected

22.0 ap358246
affected

22.0 ap358234
affected

22.0 ap359156
affected

22.0 ap359549
affected

22.0 ap358454
affected

22.0 ap358563
affected

22.0 ap360250
affected

22.0 ap360564
affected

22.0 ap358887
affected

22.0 ap359470
affected

22.0 ap359465
affected

22.0 ap359748
affected

22.0 ap360817
affected

22.0 ap360201
affected

22.0 ap361153
affected

22.0 ap360904
affected

22.0 ap359644
affected

22.0 ap359765
affected

22.0 ap360912
affected

22.0 ap360184
affected

22.0 ap361520
affected

22.0 ap362771
affected

22.0 ap361445
affected

22.0 ap361560
affected

22.0 ap362848
affected

22.0 ap361559
affected

22.0 ap361820
affected

22.0 ap361533
affected

22.0 ap362163
affected

22.0 ap362001
affected

22.0 ap362276
affected

22.0 ap362490
affected

22.0 ap361154
affected

22.0 ap362799
affected

22.0 ap363815
affected

22.0 ap362328
affected

22.0 ap363332
affected

22.0 ap368026
affected

22.0 ap363521
affected

22.0 ap364199
affected

22.0 ap363568
affected

22.0 ap363759
affected

22.0 ap363596
affected

22.0 ap366701
affected

22.0 ap366174
affected

22.0 ap363729
affected

22.0 ap363770
affected

22.0 ap366358
affected

22.0 ap366744
affected

22.0 ap366180
affected

22.0 ap366649
affected

22.0 ap365172
affected

22.0 ap365115
affected

22.0 ap366656
affected

22.0 ap364521
affected

22.0 ap364844
affected

22.0 ap364781
affected

22.0 ap365146
affected

22.0 ap364797
affected

22.0 ap364932
affected

22.0 ap365545
affected

22.0 ap365800
affected

22.0 ap365173
affected

22.0 ap364473
affected

22.0 ap365400
affected

22.0 ap367396
affected

22.0 ap365632
affected

22.0 ap365905
affected

22.0 ap367109
affected

22.0 ap365449
affected

22.0 ap365685
affected

22.0 ap367434
affected

22.0 ap365597
affected

22.0 ap365801
affected

22.0 ap365730
affected

22.0 ap365758
affected

22.0 ap365920
affected

22.0 ap371313
affected

22.0 ap367291
affected

22.0 ap365727
affected

22.0 ap367524
affected

22.0 ap371587
affected

22.0 ap367453
affected

22.0 ap365601
affected

22.0 ap365779
affected

22.0 ap371871
affected

22.0 ap371437
affected

22.0 ap372043
affected

22.0 ap372016
affected

22.0 ap367367
affected

22.0 ap372072
affected

22.0 ap372177
affected

22.0 ap371681
affected

22.0 ap372354
affected

22.0 ap371656
affected

22.0 ap371033
affected

22.0 ap371583
affected

22.0 ap371911
affected

22.0 ap371467
affected

22.0 ap372371
affected

22.0 ap368695
affected

22.0 ap368913
affected

22.0 ap368987
affected

22.0 ap372024
affected

22.0 ap372152
affected

22.0 ap371961
affected

22.0 ap369674
affected

22.0 ap369173
affected

22.0 ap369863
affected

22.0 ap369641
affected

22.0 ap368604
affected

22.0 ap368087
affected

22.0 ap368216
affected

22.0 ap369934
affected

22.0 ap368326
affected

22.0 ap369219
affected

22.0 ap369227
affected

22.0 ap368422
affected

22.0 ap369881
affected

22.0 ap369550
affected

22.0 ap369668
affected

22.0 ap369571
affected

22.0 ap372433
affected

22.0 ap370654
affected

22.0 ap370138
affected

22.0 ap370615
affected

22.0 ap372643
affected

22.0 ap372708
affected

22.0 ap370590
affected

22.0 ap372390
affected

22.0 ap372757
affected

22.0 ap370636
affected

22.0 ap372750
affected

22.0 ap372706
affected

22.0 ap370269
affected

22.0 ap370180
affected

22.0 ap370675
affected

22.0 ap370737
affected

22.0 ap370424
affected

22.0 ap370544
affected

22.0 ap374339
affected

22.0 ap370459
affected

22.0 ap370545
affected

22.0 ap370389
affected

22.0 ap374803
affected

22.0 ap370358
affected

22.0 ap373539
affected

22.0 ap373118
affected

22.0 ap373855
affected

22.0 ap373820
affected

22.0 ap373438
affected

22.0 ap374660
affected

22.0 ap373018
affected

22.0 ap373954
affected

22.0 ap374230
affected

22.0 ap374330
affected

22.0 ap374460
affected

22.0 ap372956
affected

22.0 ap373111
affected

22.0 ap374114
affected

22.0 ap373122
affected

22.0 ap373108
affected

22.0 ap374356
affected

22.0 ap375069
affected

22.0 ap373899
affected

22.0 ap374971
affected

22.0 ap375862
affected

22.0 ap375354
affected

22.0 ap375688
affected

22.0 ap373046
affected

22.0 ap373452
affected

22.0 ap374334
affected

22.0 ap374428
affected

22.0 ap374596
affected

22.0 ap372963
affected

22.0 ap376041
affected

22.0 ap376410
affected

22.0 ap376298
affected

22.0 ap372799
affected

22.0 ap376181
affected

22.0 ap375090
affected

22.0 ap376416
affected

22.0 ap373098
affected

22.0 ap375937
affected

22.0 ap376531
affected

22.0 ap375465
affected

22.0 ap376100
affected

22.0 ap375634
affected

22.0 ap375091
affected

22.0 ap375018
affected

22.0 ap375743
affected

22.0 ap375383
affected

22.0 ap375719
affected

22.0 ap376614
affected

22.0 ap376541
affected

22.0 ap375685
affected

22.0 ap374895
affected

22.0 ap376429
affected

22.0 ap379838
affected

22.0 ap380187
affected

22.0 ap380143
affected

22.0 ap379972
affected

22.0 ap380535
affected

22.0 ap380117
affected

22.0 ap380473
affected

22.0 ap375924
affected

22.0 ap379833
affected

22.0 ap376661
affected

22.0 ap380041
affected

22.0 ap380391
affected

22.0 ap379795
affected

22.0 ap376701
affected

22.0 ap376668
affected

22.0 ap377384
affected

22.0 ap377480
affected

22.0 ap377581
affected

22.0 ap376652
affected

22.0 ap376620
affected

22.0 ap378405
affected

22.0 ap377494
affected

22.0 ap378440
affected

22.0 ap378581
affected

22.0 ap377307
affected

22.0 ap377566
affected

22.0 ap378585
affected

22.0 ap377149
affected

22.0 ap378471
affected

22.0 ap377412
affected

22.0 ap377068
affected

22.0 ap377757
affected

22.0 ap378332
affected

22.0 ap379016
affected

22.0 ap378866
affected

22.0 ap378079
affected

22.0 ap378509
affected

22.0 ap378953
affected

22.0 ap377779
affected

22.0 ap379008
affected

22.0 ap379694
affected

22.0 ap379597
affected

22.0 ap378882
affected

22.0 ap379389
affected

22.0 ap379487
affected

22.0 ap379374
affected

22.0 ap380771
affected

22.0 ap381594
affected

22.0 ap381243
affected

22.0 ap380629
affected

22.0 ap380751
affected

22.0 ap382158
affected

22.0 ap378999
affected

22.0 ap381136
affected

22.0 ap382240
affected

22.0 ap382362
affected

22.0 ap382192
affected

22.0 ap381091
affected

22.0 ap382251
affected

22.0 ap381732
affected

22.0 ap381584
affected

22.0 ap381118
affected

22.0 ap382717
affected

22.0 ap383569
affected

22.0 ap382487
affected

22.0 ap383002
affected

22.0 ap382434
affected

22.0 ap383170
affected

22.0 ap383309
affected

22.0 ap383514
affected

22.0 ap383710
affected

22.0 ap382977
affected

22.0 ap382488
affected

22.0 ap383134
affected

22.0 ap359429
affected

21.sp1 ap351795
affected

21.sp1 ap348143
affected

21.sp1 ap351216
affected

21.sp1 ap339376
affected

21.sp1 ap358132
affected

21.sp1 ap355717
affected

21.sp1 ap346074
affected

21.sp1 ap373102
affected

21.sp1 ap235252
affected

21.sp1 ap242300
affected

21.sp1 ap338964
affected

21.sp1 ap339196
affected

21.sp1 ap341645
affected

21.sp1 ap341897
affected

21.sp1 ap342461
affected

21.sp1 ap342625
affected

21.sp1 ap342755
affected

21.sp1 ap342853
affected

21.sp1 ap343352
affected

21.sp1 ap344270
affected

21.sp1 ap344479
affected

21.sp1 ap344681
affected

21.sp1 ap345054
affected

21.sp1 ap345293
affected

21.sp1 ap345755
affected

21.sp1 ap348472
affected

21.sp1 ap349222
affected

21.sp1 ap350050
affected

21.sp1 ap350189
affected

21.sp1 ap351248
affected

21.sp1 ap351295
affected

21.sp1 ap351530
affected

21.sp1 ap351754
affected

21.sp1 ap351898
affected

21.sp1 ap352082
affected

21.sp1 ap352205
affected

21.sp1 ap352972
affected

21.sp1 ap353418
affected

21.sp1 ap353841
affected

21.sp1 ap354707
affected

21.sp1 ap356271
affected

21.sp1 ap356787
affected

21.sp1 ap357574
affected

21.sp1 ap358730
affected

21.sp1 ap360211
affected

21.sp1 ap360306
affected

21.sp1 ap361420
affected

21.sp1 ap365379
affected

21.sp1 ap365390
affected

21.sp1 ap366348
affected

21.sp1 ap374822
affected

21.sp1 ap375026
affected

21.sp1 ap375053
affected

21.0 ap349066
affected

21.0 ap364358
affected

21.0 ap362637
affected

21.0 ap342145
affected

21.0 ap357571
affected

21.0 ap362825
affected

21.0 ap361559
affected

21.0 ap339395
affected

21.0 ap348945
affected

21.0 ap346902
affected

21.0 ap350308
affected

21.0 ap363301
affected

21.0 ap349850
affected

21.0 ap344752
affected

21.0 ap347640
affected

21.0 ap350111
affected

21.0 ap355616
affected

21.0 ap353841
affected

21.0 ap346128
affected

21.0 ap350204
affected

21.0 ap341897
affected

21.0 ap347064
affected

21.0 ap350032
affected

21.0 ap351261
affected

21.0 ap352182
affected

21.0 ap350760
affected

21.0 ap363408
affected

21.sp1 ap340545
affected

21.sp1 ap341683
affected

21.sp1 ap341909
affected

21.sp1 ap342214
affected

21.sp1 ap344301
affected

21.sp1 ap344783
affected

21.sp1 ap346270
affected

21.sp1 ap346351
affected

21.sp1 ap347928
affected

21.sp1 ap349517
affected

21.sp1 ap349090
affected

21.sp1 ap351315
affected

21.sp1 ap352304
affected

21.sp1 ap351738
affected

21.sp1 ap354194
affected

21.sp1 ap357347
affected

21.sp1 ap364778
affected

21.sp1 ap372422
affected

21.sp1 ap371281
affected

21.sp1 ap370908
affected

21.sp1 ap379493
affected

21.sp1 ap380506
affected

21.sp9 ap360116
affected

21.sp9 ap367207
affected

RI.2021.02
affected

RI.2021.08
affected

RI.2021.09
affected

RI.2021.10
affected

RI.2021.11
affected

RI.2021.12
affected

RI.2022.02
affected

RI.2022.03
affected

RI.2022.04
affected

RI.2022.07
affected

RI.2022.06
affected

RI.2022.05
affected

RI.2022.08
affected

RI.2022.09
affected

RI.2022.10
affected

RI.2022.12
affected

RI.2023.01
affected

RI.2023.03
affected

RI.2023.02
affected

RI.2023.04
affected

RI.2023.05
affected

RI.2023.07
affected

References

sec.cloudapps.cisco.com/.../cisco-sa-bw-auth-bypass-kCggMWhX (cisco-sa-bw-auth-bypass-kCggMWhX)

cve.org (CVE-2023-20238)

nvd.nist.gov (CVE-2023-20238)
