CVE-2023-20216

Published: Aug 3, 2023Modified: Nov 21, 2024

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.

Affected (17)

Products: Cisco: Broadworks Application Delivery Platform, Broadworks Application Server, Broadworks Database Server, Broadworks Execution Server, Broadworks Media Server, Broadworks Network Database Server, Broadworks Network Function Manager, Broadworks Network Server, Broadworks Profile Server, Broadworks Service Control Function Server, Broadworks Troubleshooting Server, Broadworks Xtended Services Platform

Cisco

12 products

Broadworks Application Delivery Platform

Broadworks Application Server

Broadworks Database Server

Broadworks Execution Server

Broadworks Media Server

Broadworks Network Database Server

Broadworks Network Function Manager

Broadworks Network Server

Broadworks Profile Server

Broadworks Service Control Function Server

Broadworks Troubleshooting Server

Broadworks Xtended Services Platform

Configuration A

17 vulnerable

Vulnerable Software	Affected Versions
Cisco Broadworks Application Delivery Platform	Before ri.2023.05
Cisco Broadworks Application Server	Before 23.0.2023.05
Cisco Broadworks Application Server	From 24.0 to 24.0.2023.05
Cisco Broadworks Application Server	Before 2023.05
Cisco Broadworks Database Server	Before 2023.05
Cisco Broadworks Execution Server	Before 2023.05
Cisco Broadworks Media Server	Before 2023.05
Cisco Broadworks Network Database Server	Before 2023.05
Cisco Broadworks Network Function Manager	Before 2023.05
Cisco Broadworks Network Server	Before 23.0.2023.05
Cisco Broadworks Network Server	Before 2023.05
Cisco Broadworks Profile Server	Before 23.0.2023.05
Cisco Broadworks Profile Server	Before 2023.05
Cisco Broadworks Service Control Function Server	Before 2023.05
Cisco Broadworks Troubleshooting Server	Before 2023.06
Cisco Broadworks Xtended Services Platform	Before 23.0.2023.05
Cisco Broadworks Xtended Services Platform	Before 2023.05

Related CWEs

CWE-269

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

CWE-732

Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.

References (2)

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQ

Source: psirt@cisco.com

Vendor Advisory

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQ

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.