Cisco BroadWorks Privilege Escalation Vulnerability
cisco-sa-bw-priv-esc-qTgUZOsQ · Medium · Published · Updated
A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions.

Cisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability.

This advisory is available at the following link: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-priv-esc-qTgUZOsQ
Workarounds
There is a workaround that addresses this vulnerability.
From the CLI, comment out the following line from /etc/sudoers. The resulting line will be:
# %wheel ALL=(ALL) ALL
While this workaround has been deployed and was proven successful in a test environment, customers should determine the applicability and effectiveness in their own environment and under their own use conditions. Customers should be aware that any workaround or mitigation that is implemented may negatively impact the functionality or performance of their network based on intrinsic customer deployment scenarios and limitations. Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment.
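As an added example that is not part of Cisco's advisory: a small POSIX shell script that checks a sudoers file for the active `%wheel ALL=(ALL) ALL` rule the workaround comments out, writes a copy with that single line commented, and validates the copy with `visudo -c -f` when visudo is present. It operates on a file path so it can be run against a copy before touching the real /etc/sudoers; the function names, temporary paths and the sample sudoers content are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not from the Cisco advisory. Checks a sudoers file for the
# uncommented "%wheel ALL=(ALL) ALL" rule and produces a commented-out copy.
# Paths and sample content below are constructed for illustration.

# Return 0 if FILE ($1) contains an active (uncommented) %wheel ALL=(ALL) ALL rule.
wheel_rule_active() {
    grep -Eq '^[[:space:]]*%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL[[:space:]]*$' "$1"
}

# Write a copy of SRC ($1) to DST ($2) with that rule commented out exactly as the
# advisory shows ("# %wheel ALL=(ALL) ALL"); every other line is left untouched.
comment_wheel_rule() {
    sed -E 's/^([[:space:]]*)(%wheel[[:space:]]+ALL=\(ALL\)[[:space:]]+ALL[[:space:]]*)$/\1# \2/' "$1" > "$2"
}

# Validate DST ($1) with visudo when it is installed; never install an unchecked file.
check_sudoers_syntax() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1" >/dev/null
    else
        echo "visudo not found; skipping syntax check" >&2
    fi
}

# Demo on a constructed sudoers sample (assumed content, not a real BroadWorks file).
SAMPLE=$(mktemp)
FIXED=$(mktemp)
cat > "$SAMPLE" <<'EOF'
## Constructed sample sudoers content
root    ALL=(ALL)       ALL
%wheel  ALL=(ALL)       ALL
# %wheel        ALL=(ALL)       NOPASSWD: ALL
EOF

if wheel_rule_active "$SAMPLE"; then
    echo "active %wheel rule found in $SAMPLE; writing commented copy to $FIXED"
    comment_wheel_rule "$SAMPLE" "$FIXED"
    check_sudoers_syntax "$FIXED"
    cat "$FIXED"
else
    echo "no active %wheel rule in $SAMPLE"
fi
rm -f "$SAMPLE" "$FIXED"
```

To apply the result on a host, review the generated copy, then install it with `visudo -f` or by replacing /etc/sudoers with the validated file while preserving its mode and ownership; a syntactically broken sudoers locks every sudo user out, which is why the script validates before anything is installed.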
| Field | Value |
|---|---|
| CVEs | CVE-2023-20216 |
| Cisco Bug IDs | CSCwf13046 |
| CVSS Score | Base 4.4 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N/E:X/RL:X/RC:X) |
| Product Names From Source | Cisco BroadWorks |