Privilege Elevation Vulnerability in Cisco BroadWorks Servers
CVE-2023-20216
7.8 HIGH
Summary
A vulnerability in several Cisco BroadWorks server types allows an authenticated, local attacker to escalate privileges to root. The issue stems from an improper implementation of user-role permissions for accounts assigned the BWORKS or BWSUPERADMIN roles. An attacker holding one of these accounts could exploit the flaw by issuing crafted commands, performing actions beyond their intended access such as installing software or running privileged operating system commands. Workarounds are available, but prompt remediation is recommended.
Affected Version(s)
Cisco BroadWorks 23.0
Cisco BroadWorks 23.0 ap380391
Cisco BroadWorks 23.0 ap380396
References
CVSS v3.1
Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved