Cisco Releases Urgent Fix for Authentication Bypass Bug Affecting BroadWorks Platform

Cisco has released security patches to address several security vulnerabilities, including a critical bug, which could be exploited by a malicious actor to take control of an affected system or cause a denial of service (DoS).

The most severe issue is CVE-2023-20238, which has a maximum CVSS severity rating of 10.0. It is described as an authentication bypass vulnerability in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform.

Successful exploitation of the vulnerability – a weakness in the single sign-on (SSO) implementation discovered during internal testing – could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.

“This vulnerability is due to the method used to validate SSO tokens,” Cisco said. “An attacker could exploit this vulnerability by authenticating to the application with fake credentials. A successful exploit could allow the attacker to commit wire fraud or execute commands at the privilege level of the fake account.”

“If this account is an administrator account, the attacker would have the ability to view confidential information, change client settings, or change other users’ settings. To exploit this vulnerability, the attacker would need a valid user ID associated with an account on the Cisco BroadWorks system.”

The issue, according to the company, affects both BroadWorks products when one of the following applications is enabled: AuthenticationService, BWCallCenter, BWReceptionist, CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting, UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel or Xsi-VTR.

Fixes for the vulnerability are available in versions AP.platform.23.0.1075.ap385341, 2023.06_1.333 and 2023.07_1.332.

Cisco also resolved a high-severity vulnerability in the RADIUS message processing functionality of the Cisco Identity Services Engine (CVE-2023-20243, CVSS score: 8.6) that could allow an unauthenticated, remote attacker to prevent the affected system from processing RADIUS packets.

“This vulnerability is due to mishandling of certain RADIUS accounting requests,” Cisco said. “A successful exploit could allow the attacker to cause an unexpected restart of the RADIUS process, causing authentication or authorization delays and denying legitimate users access to the network or service.”

CVE-2023-20243 affects Cisco Identity Services Engine versions 3.1 and 3.2. It was fixed in versions 3.1P7 and 3.2P3. Other versions of the product are not affected.

Rounding out Cisco’s list is an unpatched medium-severity flaw (CVE-2023-20269, CVSS score: 5.0) in Adaptive Security Appliance (ASA) software and Firepower Threat Defense (FTD) software which the company says could allow an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.

Alternatively, it could allow an unauthenticated, remote attacker to conduct a brute-force attack to identify valid username and password combinations and then use them to establish an unauthorized remote access VPN session.

The update follows a warning from cybersecurity firm Rapid7 last month about increased brute-force activity targeting Cisco ASA SSL VPN devices in order to deploy Akira and LockBit ransomware, indicating that CVE-2023-20269 is being actively exploited in the wild to gain unauthorized access.

Juniper Networks fixes serious BGP flaw with out-of-band update

These advisories come days after Juniper Networks released an out-of-band update for an improper input validation flaw in the routing protocol daemon (rpd) of Junos OS and Junos OS Evolved, which allows an unauthenticated, network-based attacker to cause a DoS condition.

The vulnerability affects several Border Gateway Protocol (BGP) implementations, according to security researcher Ben Cartwright-Cox, who discovered it. Juniper Networks tracks it as CVE-2023-4481 (CVSS score: 7.5), FRRouting as CVE-2023-38802, and OpenBSD OpenBGPd as CVE-2023-38283.

“When certain specific forged BGP UPDATE messages are received on an established BGP session, a BGP session may be dropped with an UPDATE message error, or the problem may propagate beyond the local system, which will not be affected, but may affect one or more remote systems,” Juniper Networks said.

“This issue is remotely exploitable because the crafted UPDATE message can propagate through unaffected systems and intermediate BGP speakers. Continued receipt of crafted BGP UPDATE messages will create a lasting denial of service (DoS) condition for affected devices.”

However, for the attack to be successful, a remote attacker must have at least one BGP session established. The vulnerability was fixed in Junos OS 23.4R1 and Junos OS Evolved 23.4R1-EVO.

Unpatched Tenda Modem Router Vulnerability

In a related development, the CERT Coordination Center (CERT/CC) has detailed an unpatched authentication bypass vulnerability in Tenda’s N300 Wireless VDSL2 Modem Router (CVE-2023-4498) that could allow an unauthenticated remote user to access sensitive information through a specially crafted request.

“Successful exploitation of this vulnerability could allow the attacker to access pages that would otherwise require authentication,” CERT/CC said. “An unauthenticated attacker could thus gain access to sensitive information, such as the administrative password, which could be used to launch additional attacks.”

In the absence of a security update, users are advised to disable both Remote Administration Services (WAN side) and the web interface over the WAN on any SoHo router.
