CVE-2023-20125— Cisco BroadWorks 资源管理错误漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2023-20125の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Cisco BroadWorks Network Server TCP Denial of Service Vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition. This vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable. Note: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory. Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
未加控制的资源消耗(资源穷尽)
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Cisco BroadWorks 资源管理错误漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Cisco BroadWorks是美国思科(Cisco)公司的一个运营商级统一通信软件平台。用于在任何类型的有线或无线网络架构上部署来自公共网络平台的云呼叫。 Cisco BroadWorks存在资源管理错误漏洞,该漏洞源于某些传入TCP连接未发生速率限制。未经身份验证的远程攻击者利用该漏洞能够耗尽系统资源,从而导致拒绝服务。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Cisco | Cisco BroadWorks | 22.0 | - |
II. CVE-2023-20125の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2023-20125のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Cisco · 2024-11-15 · 50 CVEs total
| CVE-2023-20036 | 9.9 CRITICAL | Cisco Industrial Network Director Command Injection Vulnerability |
| CVE-2023-20154 | 9.1 CRITICAL | Cisco Modeling Labs External Authentication Bypass Vulnerability |
| CVE-2022-20655 | 8.8 HIGH | Cisco 多款产品操作系统命令注入漏洞 |
| CVE-2022-20649 | 8.1 HIGH | Cisco Redundancy Configuration Manager Debug Remote Code Execution Vulnerability |
| CVE-2022-20685 | 7.5 HIGH | Multiple Cisco Products Snort Modbus Denial of Service Vulnerability |
| CVE-2022-20853 | 7.4 HIGH | Cisco Expressway Series and Cisco TelePresence VCS Cross-Site Request Forgery Vulnerabilit |
| CVE-2022-20814 | 7.4 HIGH | Cisco Expressway Series and Cisco TelePresence VCS Improper Certificate Validation Vulnera |
| CVE-2022-20793 | 6.8 MEDIUM | Cisco Touch 10 Device Insufficient Identity Verification Vulnerability |
| CVE-2021-34752 | 6.7 MEDIUM | Cisco Firepower Threat Defense Command Injection Vulnerabilities |
| CVE-2023-20090 | 6.7 MEDIUM | Cisco TelePresence Collaboration Endpoint and RoomOS Software Privilege Escalation Vulnera |
| CVE-2021-1484 | 6.5 MEDIUM | Cisco SD-WAN vManage Command Injection Vulnerability |
| CVE-2022-20652 | 6.5 MEDIUM | Cisco Tetration Command Injection Vulnerability |
| CVE-2022-20656 | 6.5 MEDIUM | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Path Traversal V |
| CVE-2022-20931 | 6.5 MEDIUM | Cisco Touch 10 Device Downgrade Attack Vulnerability |
| CVE-2021-1483 | 6.4 MEDIUM | Cisco SD-WAN vManage Software XML External Entity Vulnerability |
| CVE-2021-1482 | 6.4 MEDIUM | Cisco SD-WAN vManage Authorization Bypass Vulnerability |
| CVE-2022-20871 | 6.3 MEDIUM | Cisco Secure Web Appliance Privilege Escalation Vulnerability |
| CVE-2022-20631 | 6.1 MEDIUM | Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability |
| CVE-2022-20663 | 6.1 MEDIUM | Secure Network Analytics Cross-Site Scripting Vulnerability |
| CVE-2022-20657 | 6.1 MEDIUM | Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager Cross-Site Scrip |
Showing 20 of 50 CVEs. View all on vendor page →
IV. 関連脆弱性
同じ製品: Cisco BroadWorks
- CVE-2025-20307
Cisco BroadWorks Application Delivery Platform Cross-Site Sc - CVE-2025-20211
Cisco BroadWorks Application Delivery Platform Software Cros - CVE-2025-20165
Cisco BroadWorks SIP Denial of Service Vulnerability - CVE-2022-20948
Cisco BroadWorks Hosted Thin Receptionist Cross-Site Scripti - CVE-2024-20270
Cisco BroadWorks Application 安全漏洞
同じベンダー: Cisco
- CVE-2026-20219
Cisco Slido 安全漏洞 - CVE-2026-20034
Cisco Unity Connection Remote Code Execution Vulnerability - CVE-2026-20035
Cisco Unity Connection Server-Side Request Forgery Vulnerabi - CVE-2026-20167
Cisco IoT Field Network Director Remote Device Denial of Ser - CVE-2026-20169
Cisco IoT Field Network Director Command Injection Vulnerabi
同じ弱点: CWE-400
- CVE-2026-8187
Open5GS UPF gtp-path.c _gtpv1_u_recv_cb resource consumption - CVE-2026-42343
FastGPT: Uncontrolled Resource Consumption leading to Sandbo - CVE-2026-42212
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-lau - CVE-2026-32686
Unbounded exponent in decimal enables unauthenticated DoS - CVE-2026-20188
Cisco Crosswork Network Controller and Cisco Network Service
V. CVE-2023-20125へのコメント
まだコメントはありません