PT-2023-32584 · Atos · Atos Unify Openscape Session Border Controller+2
Armin Weihbold · Published 2023-12-05 · Updated 2023-12-13 · CVE-2023-6269
CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Atos Unify OpenScape "Session Border Controller" (SBC) and "Branch" versions prior to V10 R3.4.0
Atos Unify OpenScape "BCF" versions prior to V10R10.12.00 and V10R11.05.02
Description
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products. This allows an unauthenticated attacker to gain root access to the appliance via SSH and also bypass authentication for the administrative interface, gaining access as an arbitrary administrative user.
Recommendations
For Atos Unify OpenScape "Session Border Controller" (SBC) and "Branch" versions prior to V10 R3.4.0, update to version V10 R3.4.0 or later to resolve the issue.
For Atos Unify OpenScape "BCF" versions prior to V10R10.12.00, update to version V10R10.12.00 or later to resolve the issue.
For Atos Unify OpenScape "BCF" versions prior to V10R11.05.02, update to version V10R11.05.02 or later to resolve the issue.
As a temporary workaround, consider restricting access to the administrative web interface to minimize the risk of exploitation.
Exploit
Fix
Argument Injection
Affected Products
Atos Unify Openscape Bcf
Atos Unify Openscape Branch
Atos Unify Openscape Session Border Controller