Rewterz Threat Advisory – CVE-2023-38138 – F5 BIG-IP Vulnerability
August 3, 2023Rewterz Threat Advisory – CVE-2023-20204 – Cisco BroadWorks CommPilot Application Software Vulnerability
August 3, 2023Rewterz Threat Advisory – CVE-2023-38138 – F5 BIG-IP Vulnerability
August 3, 2023Rewterz Threat Advisory – CVE-2023-20204 – Cisco BroadWorks CommPilot Application Software Vulnerability
August 3, 2023Severity
Medium
Analysis Summary
CVE-2023-20215
Cisco AsyncOS Software for Cisco Secure Web Appliance could allow a remote attacker to bypass security restrictions, caused by improper detection of malicious traffic when the traffic is encoded with a specific content format. By using an affected device to connect to a malicious server and receiving crafted HTTP responses, an attacker could exploit this vulnerability to bypass an explicit block rule and receive traffic that should have been rejected by the device
Impact
- Security Bypass
Indicators Of Compromise
CVE
- CVE-2023-20215
Affected Vendors
Cisco
Affected Products
- Cisco AsyncOS for Secure Web Appliance
- Cisco Secure Web Appliance
Remediation
Refer to Cisco Security Advisory for patch, upgrade or suggested workaround information.