CVE-2023-20204

Name of the Vulnerable Software and Affected Versions Cisco BroadWorks CommPilot Application Software (affected versions not specified) Cisco BroadWorks Application Server (AS) (affected versions not specified) Cisco BroadWorks Xtended Services Platform (XSP) (affected versions not specified) BroadWorks Application Delivery Platform (affected versions not specified)

Description A vulnerability in the web-based management interface could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This issue exists because the interface does not properly validate user-supplied input. An attacker could exploit this by persuading a user to click a crafted link, potentially allowing the execution of arbitrary script code in the context of the affected interface or access to sensitive, browser-based information.

Recommendations For Cisco BroadWorks CommPilot Application Software, ensure proper validation of user-supplied input in the web-based management interface to prevent cross-site scripting attacks. For Cisco BroadWorks Application Server (AS), consider implementing additional security measures to protect the web interface structure. For Cisco BroadWorks Xtended Services Platform (XSP) and BroadWorks Application Delivery Platform, restrict access to the web-based management interface until a fix is available. As a temporary workaround, consider disabling the web-based management interface until a patch is available. Restrict access to sensitive, browser-based information to minimize the risk of exploitation.