www.itnews.com.au
203.176.102.69  Public Scan

URL: https://www.itnews.com.au/news/cisco-sso-authentication-bug-patched-599963
Submission: On September 08 via api from TR — Scanned from AU

Form analysis 1 forms found in the DOM

POST /news/cisco-sso-authentication-bug-patched-599963

<form id="frm-login" action="/news/cisco-sso-authentication-bug-patched-599963" method="post">
  <h3 class="section-header"><span>Log In</span></h3>
  <div id="login-form-register"><a href="/register">Don't have an account? Register now!</a></div>
  <div id="login-validation"></div>
  <div id="login-response"></div>
  <div class="form-label email-login">Email:</div>
  <div class="form-input"><input id="username" name="username" type="text" required=""></div>
  <div class="form-label password-login">Password:</div>
  <div class="form-input"><input id="password" name="password" type="password" required=""></div>
  <div class="row form-checkbox">
    <input id="rememberMe" name="rememberMe" type="checkbox"><label for="rememberMe">Remember me</label><span>&nbsp; | &nbsp;<a href="/forgot" title="Forgot your password?">Forgot your password?</a></span>
  </div>
</form>

Text Content


CISCO SSO AUTHENTICATION BUG PATCHED

By Richard Chirgwin

Sep 7 2023 12:17PM



BROADWORKS PLATFORMS VULNERABLE.

Cisco has announced patches for a critical credential forgery bug in some of its
BroadWorks platforms.



The networking vendor said CVE-2023-20238 affects the single sign-on
implementation used by its BroadWorks Xtended Services platform and BroadWorks
application delivery platform.

The bug “could allow an unauthenticated, remote attacker to forge the
credentials required to access an affected system”, the advisory stated.



An attacker using a valid user ID to authenticate with forged credentials could
commit toll fraud, the advisory said, or “execute commands at the privilege
level of the forged account” – all the way up to administrator level.

At that level, “the attacker would have the ability to view confidential
information, modify customer settings, or modify settings for other users.”



The two BroadWorks platforms are affected if they have any of the following
applications enabled: AuthenticationService, BWCallCenter, BWReceptionist,
CustomMediaFilesRetrieval, ModeratorClientApp, PublicECLQuery, PublicReporting,
UCAPI, Xsi-Actions, Xsi-Events, Xsi-MMTel, or Xsi-VTR, Cisco said.

Users of BroadWorks Application Delivery and Xtended Services version 22 or
below need to migrate to a fixed release; a patch is available for users on
version 23 branches.

In a separate advisory, Cisco also announced a high-severity denial-of-service
bug in its Identity Services Engine (ISE), CVE-2023-20243.

The ISE’s RADIUS message processor, present in a number of network access
devices, can be crashed with a crafted packet.

Another four less severe bugs were patched in Cisco’s latest cycle.



Copyright © iTnews.com.au. All rights reserved.
Tags: broadworks, cisco, networking, security


