← Retour aux CVEs
CVE-2023-6269
CRITICAL10.0
Description
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.
Details CVE
Score CVSS v3.110.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie12/5/2023
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
atos:unify_openscape_bcfatos:unify_openscape_branchatos:unify_openscape_session_border_controller
Faiblesses (CWE)
CWE-88CWE-88
References
http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html(551230f0-3615-47bd-b7cc-93e92e730bbf)
http://seclists.org/fulldisclosure/2023/Dec/16(551230f0-3615-47bd-b7cc-93e92e730bbf)
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf(551230f0-3615-47bd-b7cc-93e92e730bbf)
https://r.sec-consult.com/unifyroot(551230f0-3615-47bd-b7cc-93e92e730bbf)
http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Dec/16(af854a3a-2127-422b-91ae-364da2661108)
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://r.sec-consult.com/unifyroot(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.