Denial of Service Vulnerability in Cisco BroadWorks Platforms
CVE-2023-20020

8.6HIGH

Key Information:

Vendor: Cisco
Status: Cisco BroadWorks
Vendor: CVE Published:; 20 January 2023

What is CVE-2023-20020?

A vulnerability exists in the Device Management Servlet of Cisco BroadWorks platforms that could enable an unauthenticated remote attacker to trigger a denial of service (DoS) condition. This issue arises from inadequate input validation during the handling of HTTP requests. By sending a continuous stream of specifically crafted requests, an attacker could prevent the affected device from processing subsequent requests, effectively causing a DoS situation.

Affected Version(s)

Cisco BroadWorks 23.0

Cisco BroadWorks 23.0 ap380391

Cisco BroadWorks 23.0 ap380396

References

https://sec.cloudapps.cisco.com/security/center/content/C...

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 20, 2023
Vulnerability Reserved
Oct 27, 2022