Updated:11 January 2023
Document identification:1673455377199204
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free language is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may exist in the documentation due to language that is hardcoded in the product software user interfaces, language used in the RFP documentation, or language used by a referenced third-party product. Learn more about how Cisco uses inclusive language.
Alt
Advisory ID:
cisco-sa-bw-dos-HpkeYzp
First Published:
2023 January 11 16:00 GMT
Version 1.0:
Final
Workarounds:
No workarounds available
Cisco Bug IDs:
CSCwd50136
CVE-2023-20020
CVSS Score:
Base 8.6 (click the icon to copy the detailed score)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:X/RL:X/RC:X
CVE-2023-20020
Summary
A vulnerability in the Device Management Servlet application of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
This vulnerability is due to improper input validation when parsing HTTP requests. An attacker could exploit this vulnerability by sending a sustained stream of crafted requests to an affected device. A successful exploit could allow the attacker to cause all subsequent requests to be dropped, resulting in a DoS condition.
Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp
Affected Products
Vulnerable Products
This vulnerability affects Cisco BroadWorks Application Delivery Platform Device Management Software and Cisco BroadWorks Xtended Services Platform.
For information about which Cisco software versions are vulnerable, see the Fixed Software section of this advisory.
Confirmed non-susceptible products
Only products listed in the Vulnerable Products section of this advisory are known to be affected by this vulnerability.
Workarounds
There are no workarounds that address this vulnerability.
fixed software
Cisco has released free software updates that fix the vulnerability described in this advisory. Customers with service contracts that entitle them to periodic software updates should obtain security fixes through their regular update channels.
Customers can only install and receive support for software versions and feature sets for which they have purchased a license. By installing, downloading, accessing, or using such software updates, customers agree to comply with the Cisco software license terms:
https://www.cisco.com/c/en/us/products/end-user-license-agreement.html
In addition, customers may only download software for which they have a valid license obtained directly from Cisco or through an authorized Cisco reseller or partner. In most cases, this is a maintenance update for previously purchased software. Free security software updates do not entitle customers to a new software license, additional software feature sets, or major hotfix updates.
The Cisco Support and Downloads page on Cisco.com provides licensing and download information. This page may also display customer device support coverage for customers using the My Devices tool.
When considering software upgrades, customers are encouraged to periodically review Cisco's product bulletins, available from the Cisco Security Advisories page, to determine their exposure and a complete upgrade solution.
In any case, the customer must ensure that the devices to be updated have sufficient memory and confirm that current hardware and software configurations are still compatible with the new version. If the information is unclear, customers are encouraged to contact Cisco Technical Assistance Center (TAC) or their contract maintenance providers.
Customers without service contracts
Customers who purchase directly from Cisco but do not have a Cisco service contract, and customers who purchase through third parties but cannot obtain fixed software through their point of sale, should obtain updates by contacting the Cisco TAC: https://www.cisco.com/c/en/us/support/web/tsd-cisco-worldwide-contacts.html
Customers should have the product serial number available and be prepared to provide the URL of this notice as proof of their eligibility for a free upgrade.
fixed releases
In the following tables, the left column lists Cisco software versions. The right column indicates whether a version is affected by the vulnerability described in this advisory and the first version containing the fix for that vulnerability. Customers are advised to upgrade to an appropriate fixed software version as specified in this section.

Cisco BroadWorks Application Delivery Platform Device Management Software version | First fixed version
22.0 | ADP_Rel_2022.11_1.273, dms_2022.11_1.273

Cisco BroadWorks Xtended Services Platform version | First fixed version
22.0 | Migrate to a fixed version.
23.0 | AP.xsp.23.0.1075.ap384245, AP.plataforma.23.0.1075.ap384245

The Cisco Product Security Incident Response Team (PSIRT) validates only the affected and fixed release information documented in this advisory.
Exploitation and Public Announcements
Cisco PSIRT is not aware of any public announcement or malicious exploitation of the vulnerability described in this advisory.
Source
This vulnerability was found while resolving a Cisco TAC support case.
Cisco Vulnerability Policy
For Cisco vulnerability disclosure policies and publications, see the Security Vulnerability Policy. This document also includes instructions for obtaining fixed software and for receiving information about security vulnerabilities from Cisco.
URL
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-dos-HpkeYzp
Revision History
Version | Description | Section | Status | Date
1.0 | First public release. | — | Final | 2023-JAN-11
Legal notice
THIS DOCUMENT IS PROVIDED "AS IS" AND NO WARRANTIES OR CONDITIONS OF ANY KIND, INCLUDING WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED. YOUR USE OF THE INFORMATION IN THE DOCUMENT OR ANY MATERIALS LINKED TO THE DOCUMENT IS AT YOUR SOLE RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
Any independent copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may be missing material information or contain factual errors. The information in this document is intended for end users of Cisco products.