PT-2023-17402 · Cisco · Cisco Broadworks Application Delivery Platform+1
Published
2023-01-19
·
Updated
2024-01-25
·
CVE-2023-20020
CVSS v3.1
8.6
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Cisco BroadWorks Application Delivery Platform (affected versions not specified)
Cisco BroadWorks Xtended Services Platform (affected versions not specified)
Description
A vulnerability in the Device Management Servlet application could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Infinite Loop
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Cisco Broadworks Application Delivery Platform
Cisco Broadworks Xtended Services Platform