PT-2023-5420 · Atos · Atos Unify Openscape Branch+2
Armin Weihbold · Published 2023-09-18 · Updated 2023-10-07 · CVE-2023-36618
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Atos Unify OpenScape Session Border Controller versions through V10 R3.01.03
Atos Unify OpenScape Branch (affected versions not specified)
Atos Unify OpenScape BCF (affected versions not specified)
Description
The issue allows low-privileged authenticated users to execute OS commands as the root user. It is related to deficiencies in the authentication procedure. Exploitation of the issue may allow a remote attacker to execute arbitrary code.
Recommendations
For Atos Unify OpenScape Session Border Controller versions through V10 R3.01.03, consider restricting access to low-privileged users until a patch is available.
For Atos Unify OpenScape Branch and Atos Unify OpenScape BCF, there is currently no information about a newer version that contains a fix for this vulnerability.
Exploit
OS Command Injection
Improper Authentication
Related Identifiers
Affected Products
Atos Unify Openscape Bcf
Atos Unify Openscape Branch
Atos Unify Openscape Session Border Controller