Cisco announced patches for a critical-severity vulnerability in the BroadWorks Application Delivery Platform and BroadWorks Xtended Services Platform. The vulnerability, tracked as CVE-2023-20238, affects the BroadWorks calling and collaboration platform.
The flaw is in the single sign-on (SSO) implementation and can be exploited by remote, unauthenticated attackers. The company notes that the attacker may need a valid user ID associated with the affected BroadWorks system to exploit the flaw.
Cisco also says that the flaw can affect BroadWorks releases such as BWCallCenter, AuthenticationService, CustomMediaFilesRetrieval, BWReceptionist, PublicECLQuery, ModeratorClientApp, UCAPI, PublicReporting, Xsi-Events, Xsi-MMTel, or Xsi-VTR.