Cyber Security Threat Summary:
Cisco has addressed multiple security vulnerabilities, including a critical bug (CVE-2023-20238), which could be exploited by remote attackers to gain control of affected systems or cause a denial-of-service (DoS) condition. The most severe vulnerability allows an attacker to bypass authentication, potentially leading to unauthorized access and misuse of the system. Additionally, a high-severity flaw (CVE-2023-20243) in the RADIUS message processing feature of Cisco Identity Services Engine could disrupt network access. An unpatched authentication bypass vulnerability (CVE-2023-4498) in Tenda's N300 Wireless N VDSL2 Modem Router also poses risks” (TheHackerNews, 2023). Security Officer Comments:
The critical vulnerability (CVE-2023-20238) in Cisco's BroadWorks platforms allows attackers to forge credentials, potentially enabling toll fraud or unauthorized commands execution. To mitigate this, users must apply the provided fixes. The high-severity flaw (CVE-2023-20243) in Cisco Identity Services Engine disrupts RADIUS packet processing, causing authentication or authorization timeouts. Users should update to secure versions. Lastly, the unpatched Tenda modem router vulnerability (CVE-2023-4498) permits unauthorized access to sensitive information, highlighting the need to disable remote administration services and the WAN web interface if a security update is unavailable. Suggested Correction(s):
- For CVE-2023-20238:
Apply security fixes available in versions AP.platform.23.0.1075.ap385341, 2023.06_1.333, and 2023.07_1.332.
- For CVE-2023-20243:
Update to Cisco Identity Services Engine versions 3.1P7 and 3.2P3 to mitigate the RADIUS message processing flaw.
- For CVE-2023-4498:
In the absence of a security update, disable both remote (WAN-side) administration services and the WAN web interface on Tenda's N300 Wireless N VDSL2 Modem Router to prevent unauthorized access to sensitive information.