Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2023-20216

Published: 03/08/2023 Updated: 25/01/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0
Subscribe to Cisco

Vulnerability Summary

A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local malicious user to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the malicious user to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.

Vulnerable Product Search on Vulmon Subscribe to Product

cisco broadworks application server

cisco broadworks application delivery platform

cisco broadworks network server

cisco broadworks profile server

cisco broadworks xtended services platform

cisco broadworks troubleshooting server

cisco broadworks network function manager

cisco broadworks network database server

cisco broadworks execution server

cisco broadworks database server

cisco broadworks service control function server

cisco broadworks media server

Vendor Advisories

Cisco: Cisco BroadWorks Privilege Escalation Vulnerability
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system This vulnerability is due to incorrect implementation of user role permissions An attacker could exploit this vulnerability by authenticating to the applica ...

References

CWE-732https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQhttps://nvd.nist.govhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQ
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook