Home Cisco CVE-2023-20238
Back to Cisco

CVE-2023-20238

Cisco BroadWorks Application Delivery Platform - SSO Implementation

Cisco CVSS 10 Updated March 18, 2026

Executive Risk Summary

"A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account."

Operational Audit Arsenal

Target Type Firmware Image
Target Asset Cisco BroadWorks System
Standard Path Global Firmware

Manual Verification Required

This is a non-Windows asset (Cisco). Use the target asset details and official path provided above to verify your current version against the official vendor advisories listed below.

Patch Impact Forecast

Reboot Required Likely

Potential service disruption during patch application

Internal Work Notes

CVE-2023-20238: Unauthenticated SSO bypass vulnerability in Cisco BroadWorks, potential for toll fraud or privilege escalation. Apply patch as recommended by Cisco.

Technical Intelligence & Operational Utilities • Delivered Weekly

Intelligence Sources

Official Advisoryhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX
Official Advisoryhttps://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-auth-bypass-kCggMWhX

Related Cisco Threats

CVE-2026-20079 CVSS 10

Secure Firewall Management Center (FMC) Software
CVE-2026-20127 CVSS 10

Catalyst SD-WAN Controller - Peering Authentication
CVE-2025-20188 CVSS 10

Cisco IOS XE - Wireless LAN Controllers
Data compiled from NVD, MSRC, and CISA KEV Catalog. Intelligence synthesized via AI. Scripts provided for diagnostic purposes under MIT License.