{"id":1275,"date":"2023-07-24T15:36:17","date_gmt":"2023-07-24T15:36:17","guid":{"rendered":"https:\/\/cert-mu.govmu.org\/cert-mu\/?p=1275"},"modified":"2023-07-24T15:36:17","modified_gmt":"2023-07-24T15:36:17","slug":"cisco-broadworks-privilege-escalation-vulnerability","status":"publish","type":"post","link":"https:\/\/cert-mu.govmu.org\/cert-mu\/?p=1275","title":{"rendered":"Cisco BroadWorks Privilege Escalation Vulnerability"},"content":{"rendered":"\n<p><strong>CERT-MU Advisories AD-2023-01<\/strong><br><br><strong>Date of Issue: <\/strong>24 July 2023<\/p>\n\n\n\n<p><strong>Severity Rating:<\/strong> High<\/p>\n\n\n\n<p><strong>Systems Affected: <a><\/a><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>BroadWorks Application Delivery Platform<\/li>\n\n\n\n<li>BroadWorks Application Server<\/li>\n\n\n\n<li>BroadWorks Database Server<\/li>\n\n\n\n<li>BroadWorks Database Troubleshooting Server<\/li>\n\n\n\n<li>BroadWorks Execution Server<\/li>\n\n\n\n<li>BroadWorks Media Server<\/li>\n\n\n\n<li>BroadWorks Messaging Server<\/li>\n\n\n\n<li>BroadWorks Network Database Server<\/li>\n\n\n\n<li>BroadWorks Network Function Manager<\/li>\n\n\n\n<li>BroadWorks Network Server<\/li>\n\n\n\n<li>BroadWorks Profile Server<\/li>\n\n\n\n<li>BroadWorks Service Control Function Server<\/li>\n\n\n\n<li>BroadWorks Sharing Server<\/li>\n\n\n\n<li>BroadWorks Video Server<\/li>\n\n\n\n<li>BroadWorks WebRTC Server<\/li>\n\n\n\n<li>BroadWorks Xtended Services Platform<\/li>\n<\/ul>\n\n\n\n<p><strong>Description<\/strong><br><br>A vulnerability has been identified in the privilege management functionality of all Cisco BroadWorks server types and this could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is caused due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions.<\/p>\n\n\n\n<p><strong>Solution<\/strong><\/p>\n\n\n\n<p>Cisco has released updates to address this vulnerability and users are advised to apply the patches.<\/p>\n\n\n\n<p><strong>More information about the updates is available on:<\/strong><br><a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-bw-priv-esc-qTgUZOsQ\">https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-bw-priv-esc-qTgUZOsQ<\/a><\/p>\n\n\n\n<p><strong>CVE Information<\/strong><br><a href=\"https:\/\/vuldb.com\/?id.235039\">CVE-2023-20216<\/a><\/p>\n\n\n\n<p><strong>References<\/strong><br><a href=\"https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-bw-priv-esc-qTgUZOsQ\">https:\/\/sec.cloudapps.cisco.com\/security\/center\/content\/CiscoSecurityAdvisory\/cisco-sa-bw-priv-esc-qTgUZOsQ<\/a><\/p>\n\n\n\n<p><strong>Postal address<\/strong><br>Mauritian Computer Emergency Response Team (CERT-MU)<br>Ministry of Information Technology, Communication and Innovation<br>2<sup>nd<\/sup>\u00a0Floor, Wing A,<br>Shri Atal Bihari Vajpayee Tower,<br>Cybercity Ebene.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CERT-MU Advisories AD-2023-01 Date of Issue: 24 July 2023 Severity Rating: High Systems Affected: Description A vulnerability has been identified in the privilege management functionality of all Cisco BroadWorks server types and this could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is caused due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the\u2026<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1275","post","type-post","status-publish","format-standard","hentry","category-advisories"],"blocksy_meta":"","_links":{"self":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/posts\/1275","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1275"}],"version-history":[{"count":1,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/posts\/1275\/revisions"}],"predecessor-version":[{"id":1276,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=\/wp\/v2\/posts\/1275\/revisions\/1276"}],"wp:attachment":[{"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cert-mu.govmu.org\/cert-mu\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}