Vulnerability Details : CVE-2023-20020
A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2023-20020
- Cisco » Broadworks Xtended Services PlatformVersions from including (>=) 22.0 and before (<) 23.0.1075.ap384245cpe:2.3:a:cisco:broadworks_xtended_services_platform:*:*:*:*:*:*:*:*
- Cisco » Broadworks Application Delivery Platform Device ManagementVersions from including (>=) 22.0 and before (<) 2022.11_1.273cpe:2.3:a:cisco:broadworks_application_delivery_platform_device_management:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-20020
0.14%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 50 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-20020
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
3.9
|
4.0
|
NIST | |
8.6
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
3.9
|
4.0
|
Cisco Systems, Inc. |
CWE ids for CVE-2023-20020
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.Assigned by: ykramarz@cisco.com (Secondary)
References for CVE-2023-20020
-
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp
Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Denial of Service VulnerabilityVendor Advisory
Jump to