An argument injection vulnerability has been identified in the
administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an
unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain
access as an arbitrary (administrative) user.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 10.0 |
References | () http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html - | |
References | () http://seclists.org/fulldisclosure/2023/Dec/16 - | |
References | () https://networks.unify.com/security/advisories/OBSO-2310-01.pdf - Vendor Advisory | |
References | () https://r.sec-consult.com/unifyroot - Exploit, Third Party Advisory |
13 Dec 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
CWE | CWE-88 | |
References |
|
|
References | () https://networks.unify.com/security/advisories/OBSO-2310-01.pdf - Vendor Advisory | |
References | () https://r.sec-consult.com/unifyroot - Exploit, Third Party Advisory | |
CPE | cpe:2.3:a:atos:unify_openscape_bcf:*:*:*:*:*:*:*:* cpe:2.3:a:atos:unify_openscape_branch:*:*:*:*:*:*:*:* cpe:2.3:a:atos:unify_openscape_session_border_controller:*:*:*:*:*:*:*:* |
|
First Time |
Atos unify Openscape Session Border Controller
Atos unify Openscape Bcf Atos unify Openscape Branch Atos |
05 Dec 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-05 08:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6269
Mitre link : CVE-2023-6269
CVE.ORG link : CVE-2023-6269
JSON object : View
Products Affected
atos
- unify_openscape_branch
- unify_openscape_session_border_controller
- unify_openscape_bcf
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')