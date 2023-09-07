Stadsleven


Cisco Releases Patches for Critical Vulnerabilities in the BroadWorks Platform

By Gabriël Botha

September 7, 2023

Cisco has announced the release of patches for a critical-severity vulnerability in its BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Tracked as CVE-2023-20238, the vulnerability affects the BroadWorks calling and collaboration platform and is related to the single sign-on (SSO) implementation. Remote, unauthenticated attackers can exploit this vulnerability to forge credentials and gain access to affected systems.

The vulnerability arises from the method used to validate SSO tokens. If successfully exploited, an attacker can commit toll fraud or execute commands at the privilege level of the forged account. Cisco clarifies that the attacker needs a valid user ID associated with the affected BroadWorks system to carry out the attack. Despite this requirement, the vulnerability has a CVSS score of 10.0.

The affected BroadWorks releases include AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, and Xsi-VTR. The vulnerability has been addressed through the release of Cisco BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform version AP.platform.23.0.1075.ap385341, along with the independent releases 2023.06_1.333 and 2023.07_1.332.

In addition to this critical vulnerability, Cisco has also released patches for a high-severity denial-of-service (DoS) vulnerability in its Identity Services Engine (ISE). Tracked as CVE-2023-20243, this vulnerability is specific to certain RADIUS accounting requests that are not properly handled. An attacker can exploit this flaw to cause the RADIUS process to restart, denying user access to the network or service. The vulnerability only affects Cisco ISE versions 3.1 and 3.2, and it has been resolved with the release of Cisco ISE versions 3.1P7 and 3.2P3.

Cisco has stated that there is no evidence to suggest that either of these vulnerabilities has been exploited in malicious attacks. However, users are strongly advised to apply the necessary patches to ensure the security of their systems.

For more information, please visit Cisco’s product security page.

Sources:
– Cisco advisory
– Cisco product security page
