Cisco has issued critical security patches addressing several vulnerabilities, including one particularly severe flaw, potentially allowing threat actors to gain unauthorized control of affected systems or precipitate denial-of-service (DoS) conditions. The most critical vulnerability identified as CVE-2023-20238 has received a maximum CVSS severity rating of 10.0, relating to an authentication bypass within the Cisco BroadWorks Application Delivery Platform and the Cisco BroadWorks Xtended Services Platform.
This vulnerability, identified during internal testing, stems from a weakness in the single sign-on (SSO) mechanism, enabling unauthenticated remote attackers to forge credentials necessary for system access. Cisco elaborated, stating, “The vulnerability arises from how SSO tokens are validated. By exploiting this weakness, an attacker could authenticate to the application using forged credentials. A successful exploitation scenario could lead to toll fraud or command execution at the forged account’s privilege level.”
Should the compromised account hold administrative rights, attackers could potentially access sensitive information, alter customer settings, or modify configurations for additional users. For exploitation to occur, the attacker must possess a valid user ID linked to an affected Cisco BroadWorks system.
This vulnerability affects two BroadWorks products with certain applications enabled, including AuthenticationService, BWCallCenter, and others. Security updates are available in versions AP.platform.23.0.1075.ap385341, 2023.06_1.333, and 2023.07_1.332, which should be implemented promptly.
Additionally, Cisco has addressed a high-severity flaw in the RADIUS message processing feature of the Cisco Identity Services Engine, designated as CVE-2023-20243 with a CVSS score of 8.6. Exploitation of this flaw could permit an unauthenticated remote attacker to disrupt RADIUS packet processing, causing the affected system to halt operations.
Cisco explained the issue stems from improper handling of certain RADIUS accounting requests. A successful exploit may lead to unexpected restarts of the RADIUS process, thereby preventing legitimate users from accessing the network or associated services. This particular vulnerability affects versions 3.1 and 3.2 of Cisco Identity Services Engine, with fixes included in versions 3.1P7 and 3.2P3.
Lastly, another medium-severity vulnerability has been reported in Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software, identified as CVE-2023-20269 (CVSS score: 5.0). This flaw could allow authenticated remote attackers to establish clientless SSL VPN sessions with unauthorized users or enable unauthenticated attackers to conduct brute-force attacks, targeting valid username and password combinations.
The uptick in brute-force activities, with potential exploitation of CVE-2023-20269 to deploy ransomware like Akira and LockBit, raises alarms following a recent warning from cybersecurity firm Rapid7.
Juniper Networks Patches Critical BGP Vulnerability
In a separate incident, Juniper Networks issued an out-of-band update to remediate a significant flaw in the Routing Protocol Daemon (rpd) of Junos OS and Junos OS Evolved. This vulnerability could allow unauthenticated network attackers to create DoS conditions, affecting multiple Border Gateway Protocol (BGP) implementations.
Security researcher Ben Cartwright-Cox discovered that specific BGP UPDATE messages, when received, could lead to session disruptions. Juniper is tracking this vulnerability as CVE-2023-4481, with additional identifiers assigned to FRRouting and OpenBSD OpenBGPd. The responsible party must have at least one established BGP session for an attack to succeed, and the vulnerability has been resolved in Junos OS 23.4R1.
Unresolved Vulnerability in Tenda Modem Router
In another development, the CERT Coordination Center highlighted a grave authentication bypass vulnerability affecting Tenda’s N300 Wireless N VDSL2 Modem Router (CVE-2023-4498). This flaw enables remote, unauthenticated users to access sensitive data via crafted requests.
They noted that successful exploitation could provide access to pages requiring authentication, exposing sensitive information such as administrative passwords, which could facilitate further attacks. Users are recommended to disable remote WAN administration and the web interface on their routers to mitigate risks until a fix is published.
Latest Advisory Update
The CERT Coordination Center also issued a recent advisory regarding a vulnerability affecting numerous BGP implementations, warning that compromised routers may experience route flapping upon receiving maliciously crafted BGP UPDATE messages. This could propagate through unaffected systems, amplifying the issue across the network.
Aside from Juniper, this vulnerability also impacts systems from several vendors, including D-Link, EXOS, Red Hat, and Ubuntu, highlighting the critical need for timely security updates across the board.
