CVE-2023-6269

05.12.2023, 08:15

An argument injection vulnerability has been identified in the
administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0,and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an
unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain
access as an arbitrary (administrative) user.

Argument Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
SEC-VLab	CNA	10 CRITICAL	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 62%

Vendor	Product	Version
atos	unify_openscape_bcf	10 ≤ 𝑥 < 10r10.12.00
atos	unify_openscape_branch	10 ≤ 𝑥 < 10r3.4.0
atos	unify_openscape_session_border_controller	10 ≤ 𝑥 < 10r3.4.0

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-88 - Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The software constructs a string for a command to executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References

http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html

http://seclists.org/fulldisclosure/2023/Dec/16

https://networks.unify.com/security/advisories/OBSO-2310-01.pdf

https://r.sec-consult.com/unifyroot

http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html

http://seclists.org/fulldisclosure/2023/Dec/16

https://networks.unify.com/security/advisories/OBSO-2310-01.pdf

https://r.sec-consult.com/unifyroot