← Voltar para CVEs
CVE-2023-6269
CRITICAL10.0
Descricao
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.
Detalhes CVE
Pontuacao CVSS v3.110.0
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado12/5/2023
Ultima modificacao11/21/2024
Fontenvd
Avistamentos honeypot0
Produtos afetados
atos:unify_openscape_bcfatos:unify_openscape_branchatos:unify_openscape_session_border_controller
Fraquezas (CWE)
CWE-88CWE-88
Referencias
http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html(551230f0-3615-47bd-b7cc-93e92e730bbf)
http://seclists.org/fulldisclosure/2023/Dec/16(551230f0-3615-47bd-b7cc-93e92e730bbf)
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf(551230f0-3615-47bd-b7cc-93e92e730bbf)
https://r.sec-consult.com/unifyroot(551230f0-3615-47bd-b7cc-93e92e730bbf)
http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2023/Dec/16(af854a3a-2127-422b-91ae-364da2661108)
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf(af854a3a-2127-422b-91ae-364da2661108)
https://r.sec-consult.com/unifyroot(af854a3a-2127-422b-91ae-364da2661108)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.