10
CVE-2023-6269
- EPSS 1.86%
- Veröffentlicht 05.12.2023 08:15:08
- Zuletzt bearbeitet 21.11.2024 08:43:30
- Quelle 551230f0-3615-47bd-b7cc-93e92e
- CVE-Watchlists
- Unerledigt
LoginArgument injection vulnerability in Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch and Atos Unify OpenScape BCF
An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Atos ≫ Unify Openscape Bcf Version >= 10 < 10r10.12.00
Atos ≫ Unify Openscape Branch Version >= 10 < 10r3.4.0
Atos ≫ Unify Openscape Session Border Controller Version >= 10 < 10r3.4.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.86% | 0.765 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| 551230f0-3615-47bd-b7cc-93e92e730bbf | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.
http://packetstormsecurity.com/files/176194/Atos-Unify-OpenScape-Authentication-Bypass-Remote-Code-Execution.html
http://seclists.org/fulldisclosure/2023/Dec/16
https://networks.unify.com/security/advisories/OBSO-2310-01.pdf
https://r.sec-consult.com/unifyroot