- 152/2023
- High
Cisco has released security updates to fix multiple vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to perform a cross-site scripting attack, gain elevated privileges, obtain sensitive information by reading or modifying the traffic transmitted between the sites, or gain access to the affected products.
Sample of the addressed vulnerabilities:
1. Cisco ACI Multi-Site CloudSec Information Disclosure (CVE-2023-20185):
- CVSS: 7.4
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
2. Cisco BroadWorks Privilege Escalation Vulnerability (CVE-2023-20210):
- CVSS: 6.0
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: High
- User Interaction: None
- Consequences: Gain Privileges
Sample of the affected products:
- Cisco Nexus 9000 Series Fabric Switches in Application Centric Infrastructure (ACI) mode.
- Cisco Webex Meetings.
- Cisco Duo Authentication Proxy.
- Cisco BroadWorks Application Server.
Vulnerabilities
- CVE-2023-20178
- CVE-2023-20180
- CVE-2023-20185
- CVE-2023-20133
- CVE-2023-20207
- CVE-2023-20210
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.