CVE-2023-20210: Input Validation
First published: Wed Jul 12 2023(Updated: )
A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device. The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.
Credit: ykramarz@cisco.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Cisco BroadWorks Application Delivery Platform | =23.0 | |
| Cisco BroadWorks Application Delivery Platform | =24.0 | |
| Cisco BroadWorks Application Delivery Platform | =25.0 | |
| Cisco BroadWorks Application Delivery Platform Device Management | ||
| Cisco BroadWorks | =23.0 | |
| Cisco BroadWorks | =24.0 | |
| Cisco BroadWorks | =25.0 | |
| Cisco Broadworks Application Server Firmware | ||
| Cisco Broadworks Network Database Server | =23.0 | |
| Cisco Broadworks Network Database Server | =24.0 | |
| Cisco Broadworks Network Database Server | =25.0 | |
| Cisco Broadworks Network Database Server | ||
| Cisco BroadWorks Database Troubleshooting Server Firmware | =23.0 | |
| Cisco BroadWorks Database Troubleshooting Server Firmware | =24.0 | |
| Cisco BroadWorks Database Troubleshooting Server Firmware | =25.0 | |
| Cisco Broadworks Database Troubleshooting Server Firmware | ||
| Cisco BroadWorks Execution Server Firmware | =23.0 | |
| Cisco BroadWorks Execution Server Firmware | =24.0 | |
| Cisco BroadWorks Execution Server Firmware | =25.0 | |
| Cisco Broadworks Execution Server Firmware | ||
| Cisco Broadworks Media Server Firmware | =23.0 | |
| Cisco Broadworks Media Server Firmware | =24.0 | |
| Cisco Broadworks Media Server Firmware | =25.0 | |
| Cisco Broadworks Media Server Firmware | ||
| Cisco BroadWorks Messaging Server | =23.0 | |
| Cisco BroadWorks Messaging Server | =24.0 | |
| Cisco BroadWorks Messaging Server | =25.0 | |
| Cisco BroadWorks Messaging Server | ||
| Cisco BroadWorks Network Database Server Firmware | =23.0 | |
| Cisco BroadWorks Network Database Server Firmware | =24.0 | |
| Cisco BroadWorks Network Database Server Firmware | =25.0 | |
| Cisco BroadWorks Network Database Server Firmware | ||
| Cisco BroadWorks Network Function Manager | =23.0 | |
| Cisco BroadWorks Network Function Manager | =24.0 | |
| Cisco BroadWorks Network Function Manager | =25.0 | |
| Cisco BroadWorks Network Function Manager Firmware | ||
| Cisco BroadWorks Network Server Firmware | =23.0 | |
| Cisco BroadWorks Network Server Firmware | =24.0 | |
| Cisco BroadWorks Network Server Firmware | =25.0 | |
| Cisco BroadWorks Network Server Firmware | ||
| Cisco BroadWorks Profile Server Firmware | =23.0 | |
| Cisco BroadWorks Profile Server Firmware | =24.0 | |
| Cisco BroadWorks Profile Server Firmware | =25.0 | |
| Cisco Broadworks Profile Server Firmware | ||
| Cisco BroadWorks Service Control Function Server Firmware | =23.0 | |
| Cisco BroadWorks Service Control Function Server Firmware | =24.0 | |
| Cisco BroadWorks Service Control Function Server Firmware | =25.0 | |
| Cisco Broadworks Service Control Function Server Firmware | ||
| Cisco Broadworks Sharing Server Firmware | =23.0 | |
| Cisco Broadworks Sharing Server Firmware | =24.0 | |
| Cisco Broadworks Sharing Server Firmware | =25.0 | |
| Cisco Broadworks Sharing Server Firmware | ||
| Cisco Broadworks Video Server Firmware | =23.0 | |
| Cisco Broadworks Video Server Firmware | =24.0 | |
| Cisco Broadworks Video Server Firmware | =25.0 | |
| Cisco Broadworks Video Server Firmware | ||
| Cisco BroadWorks Webrtc Server Firmware | =23.0 | |
| Cisco BroadWorks Webrtc Server Firmware | =24.0 | |
| Cisco BroadWorks Webrtc Server Firmware | =25.0 | |
| Cisco Broadworks Webrtc Server Firmware | ||
| Cisco BroadWorks Xtended Services Platform Firmware | =23.0 | |
| Cisco BroadWorks Xtended Services Platform Firmware | =24.0 | |
| Cisco BroadWorks Xtended Services Platform Firmware | =25.0 | |
| Cisco BroadWorks Xtended Services Platform Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Application Delivery Platform | =23.0 | |
| Cisco BroadWorks Application Delivery Platform | =24.0 | |
| Cisco BroadWorks Application Delivery Platform | =25.0 | |
| Cisco BroadWorks Application Delivery Platform Device Management | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks | =23.0 | |
| Cisco BroadWorks | =24.0 | |
| Cisco BroadWorks | =25.0 | |
| Cisco Broadworks Application Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco Broadworks Network Database Server | =23.0 | |
| Cisco Broadworks Network Database Server | =24.0 | |
| Cisco Broadworks Network Database Server | =25.0 | |
| Cisco Broadworks Network Database Server | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Database Troubleshooting Server Firmware | =23.0 | |
| Cisco BroadWorks Database Troubleshooting Server Firmware | =24.0 | |
| Cisco BroadWorks Database Troubleshooting Server Firmware | =25.0 | |
| Cisco Broadworks Database Troubleshooting Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Execution Server Firmware | =23.0 | |
| Cisco BroadWorks Execution Server Firmware | =24.0 | |
| Cisco BroadWorks Execution Server Firmware | =25.0 | |
| Cisco Broadworks Execution Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco Broadworks Media Server Firmware | =23.0 | |
| Cisco Broadworks Media Server Firmware | =24.0 | |
| Cisco Broadworks Media Server Firmware | =25.0 | |
| Cisco Broadworks Media Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Messaging Server | =23.0 | |
| Cisco BroadWorks Messaging Server | =24.0 | |
| Cisco BroadWorks Messaging Server | =25.0 | |
| Cisco BroadWorks Messaging Server | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Network Database Server Firmware | =23.0 | |
| Cisco BroadWorks Network Database Server Firmware | =24.0 | |
| Cisco BroadWorks Network Database Server Firmware | =25.0 | |
| Cisco BroadWorks Network Database Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Network Function Manager | =23.0 | |
| Cisco BroadWorks Network Function Manager | =24.0 | |
| Cisco BroadWorks Network Function Manager | =25.0 | |
| Cisco BroadWorks Network Function Manager Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Network Server Firmware | =23.0 | |
| Cisco BroadWorks Network Server Firmware | =24.0 | |
| Cisco BroadWorks Network Server Firmware | =25.0 | |
| Cisco BroadWorks Network Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Profile Server Firmware | =23.0 | |
| Cisco BroadWorks Profile Server Firmware | =24.0 | |
| Cisco BroadWorks Profile Server Firmware | =25.0 | |
| Cisco Broadworks Profile Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Service Control Function Server Firmware | =23.0 | |
| Cisco BroadWorks Service Control Function Server Firmware | =24.0 | |
| Cisco BroadWorks Service Control Function Server Firmware | =25.0 | |
| Cisco Broadworks Service Control Function Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco Broadworks Sharing Server Firmware | =23.0 | |
| Cisco Broadworks Sharing Server Firmware | =24.0 | |
| Cisco Broadworks Sharing Server Firmware | =25.0 | |
| Cisco Broadworks Sharing Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco Broadworks Video Server Firmware | =23.0 | |
| Cisco Broadworks Video Server Firmware | =24.0 | |
| Cisco Broadworks Video Server Firmware | =25.0 | |
| Cisco Broadworks Video Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Webrtc Server Firmware | =23.0 | |
| Cisco BroadWorks Webrtc Server Firmware | =24.0 | |
| Cisco BroadWorks Webrtc Server Firmware | =25.0 | |
| Cisco Broadworks Webrtc Server Firmware | ||
| All of | ||
| Any of | ||
| Cisco BroadWorks Xtended Services Platform Firmware | =23.0 | |
| Cisco BroadWorks Xtended Services Platform Firmware | =24.0 | |
| Cisco BroadWorks Xtended Services Platform Firmware | =25.0 | |
| Cisco BroadWorks Xtended Services Platform Firmware |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-20210?
CVE-2023-20210 has a high severity rating due to its ability to allow privileged escalation to the root user.
How can I fix CVE-2023-20210?
To remediate CVE-2023-20210, apply the latest security patches provided by Cisco for the affected BroadWorks versions.
Who is affected by CVE-2023-20210?
CVE-2023-20210 affects Cisco BroadWorks versions 23.0, 24.0, and 25.0 across various components.
What type of attack could exploit CVE-2023-20210?
CVE-2023-20210 could be exploited by an authenticated local attacker issuing crafted commands to the system CLI.
Is there a workaround for CVE-2023-20210?
Currently, there are no known workarounds for CVE-2023-20210, making patching the only effective mitigation.
- collector/nvd-latest
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/author
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/cisco
- canonical/cisco broadworks application delivery platform
- version/cisco broadworks application delivery platform/23.0
- version/cisco broadworks application delivery platform/24.0
- version/cisco broadworks application delivery platform/25.0
- canonical/cisco broadworks application delivery platform device management
- canonical/cisco broadworks
- version/cisco broadworks/23.0
- version/cisco broadworks/24.0
- version/cisco broadworks/25.0
- canonical/cisco broadworks application server firmware
- canonical/cisco broadworks network database server
- version/cisco broadworks network database server/23.0
- version/cisco broadworks network database server/24.0
- version/cisco broadworks network database server/25.0
- canonical/cisco broadworks database troubleshooting server firmware
- version/cisco broadworks database troubleshooting server firmware/23.0
- version/cisco broadworks database troubleshooting server firmware/24.0
- version/cisco broadworks database troubleshooting server firmware/25.0
- canonical/cisco broadworks execution server firmware
- version/cisco broadworks execution server firmware/23.0
- version/cisco broadworks execution server firmware/24.0
- version/cisco broadworks execution server firmware/25.0
- canonical/cisco broadworks media server firmware
- version/cisco broadworks media server firmware/23.0
- version/cisco broadworks media server firmware/24.0
- version/cisco broadworks media server firmware/25.0
- canonical/cisco broadworks messaging server
- version/cisco broadworks messaging server/23.0
- version/cisco broadworks messaging server/24.0
- version/cisco broadworks messaging server/25.0
- canonical/cisco broadworks network database server firmware
- version/cisco broadworks network database server firmware/23.0
- version/cisco broadworks network database server firmware/24.0
- version/cisco broadworks network database server firmware/25.0
- canonical/cisco broadworks network function manager
- version/cisco broadworks network function manager/23.0
- version/cisco broadworks network function manager/24.0
- version/cisco broadworks network function manager/25.0
- canonical/cisco broadworks network function manager firmware
- canonical/cisco broadworks network server firmware
- version/cisco broadworks network server firmware/23.0
- version/cisco broadworks network server firmware/24.0
- version/cisco broadworks network server firmware/25.0
- canonical/cisco broadworks profile server firmware
- version/cisco broadworks profile server firmware/23.0
- version/cisco broadworks profile server firmware/24.0
- version/cisco broadworks profile server firmware/25.0
- canonical/cisco broadworks service control function server firmware
- version/cisco broadworks service control function server firmware/23.0
- version/cisco broadworks service control function server firmware/24.0
- version/cisco broadworks service control function server firmware/25.0
- canonical/cisco broadworks sharing server firmware
- version/cisco broadworks sharing server firmware/23.0
- version/cisco broadworks sharing server firmware/24.0
- version/cisco broadworks sharing server firmware/25.0
- canonical/cisco broadworks video server firmware
- version/cisco broadworks video server firmware/23.0
- version/cisco broadworks video server firmware/24.0
- version/cisco broadworks video server firmware/25.0
- canonical/cisco broadworks webrtc server firmware
- version/cisco broadworks webrtc server firmware/23.0
- version/cisco broadworks webrtc server firmware/24.0
- version/cisco broadworks webrtc server firmware/25.0
- canonical/cisco broadworks xtended services platform firmware
- version/cisco broadworks xtended services platform firmware/23.0
- version/cisco broadworks xtended services platform firmware/24.0
- version/cisco broadworks xtended services platform firmware/25.0