Cisco has released security fixes to address multiple security flaws, including a critical bug, that could be exploited by a threat actor to take control of an affected system or cause a denial-of service (DoS) condition.
The most severe of the issues is CVE-2023-20238, which has the maximum CVSS severity rating of 10.0. It’s described as an authentication bypass flaw in the Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform.
Successful exploitation of the vulnerability — a weakness in the single sign-on (SSO) implementation and discovered during internal testing — could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.
