Cisco has released patches for a critical credential-forgery vulnerability in some of its BroadWorks platforms. The bug, tracked as CVE-2023-20238, affects the single sign-on implementation used by the BroadWorks Xtended Services Platform and the BroadWorks Application Delivery Platform. It could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.

Cisco's advisory spells out the risk: an attacker who authenticates with forged credentials can commit toll fraud or execute commands at the privilege level of the forged account, up to and including administrator. At administrator level, the attacker could view confidential information, modify customer settings, or modify settings for other users.

The vulnerability affects the two BroadWorks platforms if they have any of the following applications enabled: AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, or Xsi-VTR. Users of BroadWorks Application Delivery and Xtended Services version 22 or below are advised to migrate to a fixed release, while a patch is available for users on version 23 branches.

Alongside the credential-forgery fix, Cisco also released patches for a high-severity denial-of-service bug in its Identity Services Engine (ISE), tracked as CVE-2023-20243, as well as four other less severe bugs. The denial-of-service bug affects the ISE's RADIUS message processor, which can be crashed by a crafted packet.