Lub neej hauv nroog


Cisco Releases Patches for Critical Vulnerability in BroadWorks Platform

By Gabriel Botha

Sep 7, 2023

Cisco has announced the release of patches for a critical-severity vulnerability in its BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Tracked as CVE-2023-20238, the vulnerability affects the BroadWorks calling and collaboration platform and is related to the single sign-on (SSO) implementation. Remote, unauthenticated attackers can exploit this vulnerability to forge credentials and gain access to affected systems.

The vulnerability arises from the method used to validate SSO tokens. If successfully exploited, an attacker can commit toll fraud or execute commands at the privilege level of the forged account. Cisco clarifies that the attacker needs a valid user ID associated with the affected BroadWorks system to carry out the attack. Despite this requirement, the vulnerability has a CVSS score of 10.0.

The affected BroadWorks releases include AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, and Xsi-VTR. The vulnerability has been addressed through the release of Cisco BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform version AP.platform.23.0.1075.ap385341, along with the independent releases 2023.06_1.333 and 2023.07_1.332.

In addition to this critical vulnerability, Cisco has also released patches for a high-severity denial-of-service (DoS) vulnerability in its Identity Services Engine (ISE). Tracked as CVE-2023-20243, the flaw stems from improper handling of certain RADIUS accounting requests. An attacker can exploit it to cause the RADIUS process to restart, denying user access to the network or service. The vulnerability only affects Cisco ISE versions 3.1 and 3.2, and it has been resolved with the release of Cisco ISE versions 3.1P7 and 3.2P3.

Cisco has stated that there is no evidence to suggest that either of these vulnerabilities has been exploited in malicious attacks. However, users are strongly advised to apply the necessary patches to ensure the security of their systems.

For more information, please visit Cisco’s product security page.

Sources:
– Cisco advisory
– Cisco product security page
