On Wednesday, Cisco released patches for critical-severity vulnerabilities in the BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. The flaw in the BroadWorks calling and collaboration platform is tracked as CVE-2023-20238. It was found in the single sign-on (SSO) implementation and may be used by remote, unauthenticated attackers to forge credentials and gain access to vulnerable systems.
“The technique used to validate SSO tokens is to blame for this vulnerability. By using falsified credentials to log into the program, an attacker could use this flaw. A successful exploit might give the attacker access to the falsified account’s privilege level, which would let them run commands or commit toll fraud,” according to a Cisco advisory.