CVE-2023-6269

Public Exploit

Argument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF

Description

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.

References

Link	Tags
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf	vendor advisory
https://r.sec-consult.com/unifyroot	third party advisory exploit
http://seclists.org/fulldisclosure/2023/Dec/16
http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html

Frequently Asked Questions

What is the severity of CVE-2023-6269?: CVE-2023-6269 has been scored as a critical severity vulnerability.
How to fix CVE-2023-6269?: To fix CVE-2023-6269, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-6269 being actively exploited in the wild?: It is possible that CVE-2023-6269 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-6269?: CVE-2023-6269 affects Atos Unify OpenScape Session Border Controller (SBC), Atos Unify OpenScape Branch, Atos Unify OpenScape BCF.

Description

Category

CWE-88 – Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

References

Frequently Asked Questions