Argument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF
CVE-2023-6269

10CRITICAL

Key Information:

Vendor

Atos Unify

Status
Openscape Session Border Controller (sbc)
Openscape Branch
Openscape Bcf
Vendor
CVE Published:
5 December 2023

What is CVE-2023-6269?

An argument injection vulnerability exists in the administrative web interface of Atos Unify OpenScape products, specifically affecting the Session Border Controller and Branch systems, prior to version V10 R3.4.0, as well as the OpenScape BCF before versions V10R10.12.00 and V10R11.05.02. This vulnerability permits unauthenticated attackers to exploit the system, leading to unauthorized root access via SSH and potentially bypassing authentication protocols. Such exploitation facilitates unauthorized access as an arbitrary administrative user, significantly compromising the security of the affected systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

OpenScape BCF 0

OpenScape BCF 0

OpenScape Branch 0

References

https://networks.unify.com/security/advisories/OBSO-2310-...
vendor-advisory
https://r.sec-consult.com/unifyroot
third-party-advisory
http://seclists.org/fulldisclosure/2023/Dec/16

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Armin Weihbold (SEC Consult Vulnerability Lab)
JSON
.