- 214/2023
- Critical
Cisco has released security updates to fix multiple vulnerabilities across multiple products.
The addressed vulnerabilities could allow the attacker to gain access, execute arbitrary code, bypass security restrictions, gain elevated privileges, or perform denial of service attacks on the affected products by sending a specially crafted request.
Sample of the addressed vulnerabilities:
1. Cisco BroadWorks Application Delivery and Xtended Services Platform Authentication Bypass (CVE-2023-20238):
- CVSS: 10
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Bypass Security
2. Cisco Identity Services Engine RADIUS Denial of Service (CVE-2023-20243):
- CVSS: 8.6
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Denial of Service
Vulnerabilities
- CVE-2023-20238
- CVE-2023-20243
- CVE-2023-20250
- CVE-2023-20193
- CVE-2023-20194
- CVE-2023-20263
- CVE-2023-20269
- CVE-2023-20266
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.