What is the severity of CVE-2023-20019?

The severity of CVE-2023-20019 is medium with a CVSS score of 6.1.

How can an unauthenticated attacker exploit CVE-2023-20019?

An unauthenticated attacker can exploit CVE-2023-20019 by conducting a cross-site scripting (XSS) attack against a user through the web-based management interface of the affected Cisco platforms.

Is there a solution for CVE-2023-20019?

Yes, Cisco has released a security advisory with remediation steps to address CVE-2023-20019. Please refer to the Cisco Security Advisory for more information.

Vulnerability/
CVE-2023-20019

medium

6.1

CWE

19/1/2023

2/8/2024

CVE-2023-20019: XSS

Q: What is CVE-2023-20019?

CVE-2023-20019 is a vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform that allows an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user.

Q: Which Cisco platforms are affected by CVE-2023-20019?

CVE-2023-20019 affects Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform.

First published: Thu Jan 19 2023(Updated: )

A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.

Credit: ykramarz@cisco.com ykramarz@cisco.com

Affected Software	Affected Version	How to fix
Cisco BroadWorks Application Delivery Platform	<commpilot-24_2022.11
Cisco BroadWorks Application Server	<ap.as.24.0.944.ap384344
Cisco BroadWorks Xtended Services Platform	<ap.xsp.23.0.1075.ap384344

Never miss a vulnerability like this again

Reference Links

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-xss-EzqDXqG4

Frequently Asked Questions

What is CVE-2023-20019?
CVE-2023-20019 is a vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform that allows an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user.
What is the severity of CVE-2023-20019?
The severity of CVE-2023-20019 is medium with a CVSS score of 6.1.
How can an unauthenticated attacker exploit CVE-2023-20019?
An unauthenticated attacker can exploit CVE-2023-20019 by conducting a cross-site scripting (XSS) attack against a user through the web-based management interface of the affected Cisco platforms.
Which Cisco platforms are affected by CVE-2023-20019?
CVE-2023-20019 affects Cisco BroadWorks Application Delivery Platform, Cisco BroadWorks Application Server, and Cisco BroadWorks Xtended Services Platform.
Is there a solution for CVE-2023-20019?
Yes, Cisco has released a security advisory with remediation steps to address CVE-2023-20019. Please refer to the Cisco Security Advisory for more information.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/author
agent/severity
agent/last-modified-date
agent/weakness
agent/description
agent/event
agent/first-publish-date
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/cisco
canonical/cisco broadworks application delivery platform
canonical/cisco broadworks application server
canonical/cisco broadworks xtended services platform

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.