A critical security vulnerability in Cisco’s BroadWorks unified collaboration and messaging platform could pave the way for complete takeover of the platform and the theft of a raft of sensitive data.
BroadWorks is an all-in-one unified communications as a service (UCaaS) platform that includes VoIP calling, instant messaging, video calling, WebEx integration, and more. It’s one of Cisco’s flagship offerings and enjoys dominant market share, with millions of business seats signed up across enterprises and small and midsize businesses (SMBs) alike.
The vulnerability is tracked as CVE-2023-20238 and carries a CVSS score of 10. It exists in some implementations of the BroadWorks Application Delivery Platform and the BroadWorks Xtended Services Platform specifically.
According to an official advisory, cyberattackers wielding a valid BroadWorks user ID can exploit the platform’s single sign-on (SSO) implementation to authenticate as an existing user. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system. From there, they could hijack communications, snoop on sensitive communications, send fraudulent messages, phish info from other internal users, make phone calls for toll fraud purposes, or cause a denial of service (DoS).
Cisco has patched the vulnerability in AP.platform.23.0.1075.ap385341 and in the release-independent versions 2023.06_1.333 and 2023.07_1.332.
The Cisco PSIRT is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.