Critical Vulnerability Allows Full Takeover of Cisco BroadWorks

A critical flaw in Cisco’s BroadWorks unified communications and collaboration platform could let an unauthenticated, remote attacker forge login credentials, take control of the system, and expose large amounts of sensitive information.

BroadWorks is an all-in-one unified communications as a service (UCaaS) platform offering VoIP calling, video calling, instant messaging and WebEx integration, among other features. It is one of Cisco’s flagship products, with a dominant market share and millions of business seats deployed by both large enterprises and small and medium-sized businesses (SMBs).

The flaw, tracked as CVE-2023-20238, carries the maximum CVSS severity score of 10 out of 10. It affects the BroadWorks Application Delivery Platform and the BroadWorks Xtended Services Platform (XSP), but only when one of the applications listed in Cisco’s advisory (for example Xsi-Actions, Xsi-Events, UCAPI or AuthenticationService) is enabled, so not every deployment is exposed.

According to Cisco’s advisory, an unauthenticated, remote attacker who knows a valid user ID for an affected BroadWorks system can forge the credentials that the platform’s single sign-on (SSO) flow accepts and authenticate as that existing user. From there, the attacker could take over that user’s communications: eavesdrop on private calls and messages, send fraudulent messages, phish other internal users, place calls to commit toll fraud, cause denial of service, and more.

According to the networking behemoth, “this vulnerability is due to the method used to validate SSO tokens.” “If the exploit were to be effective, it would provide the attacker the ability to [carry out operations at the level of privilege held by] the falsified account… If the account is an administrator account, then the attacker would have the ability to read confidential information, edit customer settings, and modify settings for other users.”

Cisco has fixed CVE-2023-20238 in AP.platform.23.0.1075.ap385341 and in the release-independent (RI) versions 2023.06_1.333 and 2023.07_1.332. There are no workarounds, and BroadWorks release 22.0 and earlier have reached end of software maintenance and will not receive a fix, so deployments on those releases should migrate to a fixed release.