PT-2023-3935 · Cisco · Cisco Broadworks

Published

2023-07-20

·

Updated

2024-01-25

·

CVE-2023-20216

CVSS v3.1

7.8

High

Vector AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Cisco BroadWorks (affected versions not specified)
Description A vulnerability in the privilege management functionality could allow an authenticated, local attacker to elevate privileges to root on an affected system. The issue is caused by an incorrect implementation of user role permissions. An attacker could exploit it by authenticating as a user who holds the BWORKS or BWSUPERADMIN role and issuing crafted commands. A successful exploit could allow the attacker to execute commands beyond their intended access level, including initiating installs or running operating system commands with elevated permissions. The CVSS vector reflects this: the attacker must already have local access and an account in one of those roles (AV:L, PR:L), but the outcome is root on the host (C:H/I:H/A:H).
Recommendations There are workarounds that address this vulnerability. Because exploitation requires an account that holds the BWORKS or BWSUPERADMIN role, the temporary workaround is to restrict those roles: review which accounts currently hold them, remove the roles from accounts that do not need them, and limit the remaining holders to trusted operators until a patch is available. Monitoring install actions and operating system command execution initiated by accounts in those roles can also help detect attempted exploitation. At the time of this entry's last update there was no information about a newer version that contains a fix for this vulnerability.
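The workaround above comes down to an inventory question: which accounts hold BWORKS or BWSUPERADMIN, and which of them are actually supposed to. The following script is an added example for this entry, not Cisco code and not a BroadWorks tool; it assumes a role export in a simple CSV layout (user,roles with roles separated by semicolons) and an approved-holder list, both of which are constructed here for illustration. It reports the roles that should be removed from each account that is not approved to hold them and gives a blast-radius count per affected role.

```python
import csv
import io
from dataclasses import dataclass

# Roles named in the advisory as the ones an attacker must hold.
AFFECTED_ROLES = frozenset({"BWORKS", "BWSUPERADMIN"})

# Constructed sample export. The column layout (user,roles with ';' as the
# role separator) is an assumption for this example, not a BroadWorks format.
SAMPLE_EXPORT = """\
user,roles
bwadmin,BWSUPERADMIN;BWORKS
ops1,BWORKS
ops2,BWORKS;READONLY
noc1,READONLY
svc_backup,BWORKS
"""

# Operators allowed to keep the affected roles while the workaround is in
# force. Hypothetical list; in practice this comes from your change records.
APPROVED_HOLDERS = {
    "bwadmin": {"BWSUPERADMIN", "BWORKS"},
    "ops1": {"BWORKS"},
}


@dataclass(frozen=True)
class Account:
    user: str
    roles: frozenset


def parse_export(text):
    """Parse the CSV export into Account records; role names are normalised to upper case."""
    reader = csv.DictReader(io.StringIO(text))
    accounts = []
    for row in reader:
        roles = frozenset(
            r.strip().upper() for r in row["roles"].split(";") if r.strip()
        )
        accounts.append(Account(row["user"].strip(), roles))
    return accounts


def audit(accounts, approved):
    """Return {user: [roles to remove]} for every account holding an affected
    role it is not approved for. Accounts with no affected role are skipped,
    and approved holders produce no entry."""
    to_remove = {}
    for acct in accounts:
        held = acct.roles & AFFECTED_ROLES
        if not held:
            continue
        excess = held - approved.get(acct.user, set())
        if excess:
            to_remove[acct.user] = sorted(excess)
    return to_remove


def exposure_summary(accounts):
    """Count how many accounts hold each affected role (the blast radius of CVE-2023-20216)."""
    counts = {role: 0 for role in sorted(AFFECTED_ROLES)}
    for acct in accounts:
        for role in acct.roles & AFFECTED_ROLES:
            counts[role] += 1
    return counts


if __name__ == "__main__":
    accts = parse_export(SAMPLE_EXPORT)
    print("accounts per affected role:", exposure_summary(accts))
    for user, roles in audit(accts, APPROVED_HOLDERS).items():
        print(f"remove {', '.join(roles)} from {user}")
```

With the constructed input, ops2 and svc_backup are flagged for removal of BWORKS, while bwadmin and ops1 are left alone because they are on the approved list. Re-run the audit after every role change until the fix is deployed; the summary count is the number of accounts that can reach root through this issue.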

Weakness Enumeration

Incorrect Permission

Improper Access Control

Improper Privilege Management

Related Identifiers

BDU:2023-04230
CVE-2023-20216

Affected Products

Cisco Broadworks