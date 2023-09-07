Jeta e qytetit

Cisco releases patches for critical vulnerability in BroadWorks platform

By Gabriel Botha

September 7, 2023

Cisco has announced the release of patches for a critical-severity vulnerability in its BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. Tracked as CVE-2023-20238, the vulnerability affects the BroadWorks calling and collaboration platform and is related to the single sign-on (SSO) implementation. Remote, unauthenticated attackers can exploit this vulnerability to forge credentials and gain access to affected systems.

The vulnerability arises from the method used to validate SSO tokens. If successfully exploited, an attacker can commit toll fraud or execute commands at the privilege level of the forged account. Cisco clarifies that the attacker needs a valid user ID associated with the affected BroadWorks system to carry out the attack. Despite this requirement, the vulnerability has a CVSS score of 10.0.

The affected BroadWorks applications include AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, and Xsi-VTR. The vulnerability has been addressed through the release of Cisco BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform version AP.platform.23.0.1075.ap385341, along with the independent releases 2023.06_1.333 and 2023.07_1.332.

In addition to this critical vulnerability, Cisco has also released patches for a high-severity denial-of-service (DoS) vulnerability in its Identity Services Engine (ISE). Tracked as CVE-2023-20243, this vulnerability stems from improper handling of certain RADIUS accounting requests. An attacker can exploit this flaw to cause the RADIUS process to restart, denying users access to the network or service. The vulnerability only affects Cisco ISE versions 3.1 and 3.2, and it has been resolved with the release of Cisco ISE versions 3.1P7 and 3.2P3.

Cisco has stated that there is no evidence to suggest that either of these vulnerabilities has been exploited in malicious attacks. However, users are strongly advised to apply the necessary patches to ensure the security of their systems.

For more information, please visit Cisco’s product security page.

Sources:
– Cisco advisory
– Cisco product security page
