CVE-2020-14580

Name of the Vulnerable Software and Affected Versions Oracle Communications Session Border Controller versions 8.1.0 through 8.3.0

Description The issue is related to insufficient input validation in the System Admin component of the Oracle Communications Session Border Controller. This can be exploited by a remote attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability can be easily exploited and requires human interaction from a person other than the attacker. Successful attacks can result in unauthorized access to critical data, complete access to all accessible data, unauthorized updates, inserts, or deletes, and a partial denial of service.

Recommendations For versions 8.1.0 through 8.3.0, consider restricting access to the System Admin component via SSH to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit network access to the Oracle Communications Session Border Controller to reduce the attack surface. Additionally, monitor the system for any suspicious activity that may indicate an attack. At the moment, there is no information about a newer version that contains a fix for this vulnerability.