VDB
CVE-2023-20020
CVE-2023-20020
PUBLISHED
CVSS 8.600000381469727 HIGH
A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.
EPSS 0.38% · 60.0th percentile
Risk Scores
CVSS 3.1
8.600000381469727
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
EPSS Score
0.38%
60.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cisco | broadworks_xtended_services_platform | 22.0 |
| Cisco | Cisco BroadWorks | 23.0, 23.0 ap380391, 23.0 ap380396 |
| cisco | broadworks_application_delivery_platform_device_management | 22.0 |
Exploit Intelligence
- cisco-sa-bw-dos-HpkeYzp (circl)
Timeline
- Jan 12, 2023 CVE Published
- Jan 17, 2023 CVE Updated
- Jan 20, 2023 EPSS Score
- Mar 2, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
- May 22, 2023 EPSS Score
- Jul 1, 2023 EPSS Score
- Aug 11, 2023 EPSS Score
- Sep 20, 2023 EPSS Score
- Oct 31, 2023 EPSS Score
- Dec 10, 2023 EPSS Score
References
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-auth-bypass-pSqxZRPR advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-fZyVjJtG advisory
- https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-20020 advisory