Cisco Security Updates – 03 August 2023

By /
  • 184/2023
  • Medium

Cisco has released security updates to fix multiple vulnerabilities in Cisco Secure Web Appliance and Cisco BroadWorks.

The addressed vulnerabilities could allow the remote attacker to bypass security nrestrictions or perform cross-site scripting on the affected products.

The addressed vulnerabilities:

1- Cisco AsyncOS Software for Cisco Secure Web Appliance Security Bypass (CVE-2023-20215):

  • CVSS: 5.8
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Consequences: Bypass Security

2- Cisco BroadWorks CommPilot Application Software Cross-Site Scripting (CVE-2023-20204):

  • CVSS: 5.4
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: Required
  • Consequences: Cross-Site Scripting
Vulnerabilities
  • CVE-2023-20215
  • CVE-2023-20204
Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

Cisco Security Advisory

References

Cisco Security Advisory