← Volver a CVEs
CVE-2023-6269
CRITICAL10.0
Descripcion
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.
Detalles CVE
Puntuacion CVSS v3.110.0
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado12/5/2023
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
atos:unify_openscape_bcfatos:unify_openscape_branchatos:unify_openscape_session_border_controller
Debilidades (CWE)
CWE-88CWE-88
Referencias
http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html(551230f0-3615-47bd-b7cc-93e92e730bbf)
http://seclists.org/fulldisclosure/2023/Dec/16(551230f0-3615-47bd-b7cc-93e92e730bbf)
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf(551230f0-3615-47bd-b7cc-93e92e730bbf)
https://r.sec-consult.com/unifyroot(551230f0-3615-47bd-b7cc-93e92e730bbf)
http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Dec/16(af854a3a-2127-422b-91ae-364da2661108)
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://r.sec-consult.com/unifyroot(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.