
Rewterz Threat Advisory – CVE-2023-20215 – Cisco AsyncOS Software for Cisco Secure Web Appliance Vulnerability

Severity

Medium

Analysis Summary

CVE-2023-20215

Cisco AsyncOS Software for Cisco Secure Web Appliance could allow a remote attacker to bypass security restrictions, caused by improper detection of malicious traffic when the traffic is encoded with a specific content format. By using an affected device to connect to a malicious server and receiving crafted HTTP responses, an attacker could exploit this vulnerability to bypass an explicit block rule and receive traffic that should have been rejected by the device.

Impact

  • Security Bypass

Indicators Of Compromise

CVE

  • CVE-2023-20215

Affected Vendors

Cisco

Affected Products

  • Cisco AsyncOS for Secure Web Appliance
  • Cisco Secure Web Appliance

Remediation

Refer to the Cisco Security Advisory for patch, upgrade, or suggested workaround information.

Cisco Security Advisory