Armin Weihbold

**Name of the Vulnerable Software and Affected Versions** One Identity Password Manager versions prior to 5.13.1 **Description** The issue allows Kiosk Escape, affecting the product's functionality to reset Active Directory passwords on the login screen of a Windows client. It launches a Chromium-based browser in Kiosk mode. The escape sequence involves waiting for a session timeout, clicking on the Help icon, navigating to a website that offers file upload, accessing cmd.exe from the file explorer window, and launching cmd.exe as NT AUTHORITYSYSTEM. **Recommendations** For versions prior to 5.13.1, update to version 5.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Help icon and file upload functionality in the Kiosk mode browser to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** One Identity Password Manager versions prior to 5.13.1 **Description** The issue allows Kiosk Escape in One Identity Password Manager, which enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium-based browser in Kiosk mode to provide the reset functionality. The escape sequence involves navigating to the Google ReCAPTCHA section, clicking on the Privacy link, observing a new browser window, navigating to any website that offers file upload, navigating to cmd.exe from the file explorer window, and launching cmd.exe as NT AUTHORITYSYSTEM. **Recommendations** For versions prior to 5.13.1, update to version 5.13.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Google ReCAPTCHA section and disabling file upload functionality in the Kiosk mode browser until a patch is available. Avoid using the Kiosk mode browser to navigate to untrusted websites, and restrict the launch of cmd.exe as NT AUTHORITYSYSTEM to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Atos Unify OpenScape "Session Border Controller" (SBC) and "Branch" versions prior to V10 R3.4.0 Atos Unify OpenScape "BCF" versions prior to V10R10.12.00 and V10R11.05.02 **Description** An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products. This allows an unauthenticated attacker to gain root access to the appliance via SSH and also bypass authentication for the administrative interface, gaining access as an arbitrary administrative user. **Recommendations** For Atos Unify OpenScape "Session Border Controller" (SBC) and "Branch" versions prior to V10 R3.4.0, update to version V10 R3.4.0 or later to resolve the issue. For Atos Unify OpenScape "BCF" versions prior to V10R10.12.00, update to version V10R10.12.00 or later to resolve the issue. For Atos Unify OpenScape "BCF" versions prior to V10R11.05.02, update to version V10R11.05.02 or later to resolve the issue. As a temporary workaround, consider restricting access to the administrative web interface to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Atos Unify OpenScape Session Border Controller versions through V10 R3.01.03 Atos Unify OpenScape Branch (affected versions not specified) Atos Unify OpenScape BCF (affected versions not specified) **Description** The issue allows execution of OS commands as root user by low-privileged authenticated users. It is related to deficiencies in the authentication procedure. Exploitation of the issue may allow a remote attacker to execute arbitrary code. **Recommendations** For Atos Unify OpenScape Session Border Controller versions through V10 R3.01.03, consider restricting access to low-privileged users until a patch is available. For Atos Unify OpenScape Branch and Atos Unify OpenScape BCF, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Atos Unify OpenScape Session Border Controller versions through V10 R3.01.03 Atos Unify OpenScape Branch (affected versions not specified) Atos Unify OpenScape BCF (affected versions not specified) **Description** The issue allows execution of administrative scripts by unauthenticated users due to insufficient input validation in the implementation of the application programming interface of the Session Border Controller's firmware. This can be exploited remotely using HTTP requests, potentially allowing an attacker to perform arbitrary actions. **Recommendations** For Atos Unify OpenScape Session Border Controller versions through V10 R3.01.03: Update to a version that addresses the insufficient input validation issue. For Atos Unify OpenScape Branch: At the moment, there is no information about a newer version that contains a fix for this vulnerability. For Atos Unify OpenScape BCF: At the moment, there is no information about a newer version that contains a fix for this vulnerability.