PT-2023-32584 · Atos · Atos Unify Openscape Session Border Controller+2

Armin Weihbold · Published: 2023-12-05 · Updated: 2023-12-13 · CVE-2023-6269

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Atos Unify OpenScape "Session Border Controller" (SBC) and "Branch" versions prior to V10 R3.4.0
Atos Unify OpenScape "BCF" versions prior to V10R10.12.00 and V10R11.05.02

Description

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products. This allows an unauthenticated attacker to gain root access to the appliance via SSH and also bypass authentication for the administrative interface, gaining access as an arbitrary administrative user.

Recommendations

For Atos Unify OpenScape "Session Border Controller" (SBC) and "Branch" versions prior to V10 R3.4.0, update to version V10 R3.4.0 or later to resolve the issue.
For Atos Unify OpenScape "BCF" versions prior to V10R10.12.00, update to version V10R10.12.00 or later to resolve the issue.
For Atos Unify OpenScape "BCF" versions prior to V10R11.05.02, update to version V10R11.05.02 or later to resolve the issue.
As a temporary workaround, consider restricting access to the administrative web interface to minimize the risk of exploitation.

Exploit

Fix

Argument Injection


Weakness Enumeration

Related Identifiers

CVE-2023-6269

Affected Products

Atos Unify Openscape Bcf
Atos Unify Openscape Branch
Atos Unify Openscape Session Border Controller