← Back

CVE-2023-6269

nvd nist
Published: Dec 5, 2023Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.

Affected (3)

Atos
3 products
Unify Openscape Bcf
Unify Openscape Branch
Unify Openscape Session Border Controller
Configuration A
3 vulnerable
Vulnerable SoftwareAffected Versions
Unify Openscape Bcf
From 10 to 10r10.12.00
Unify Openscape Branch
From 10 to 10r3.4.0
Unify Openscape Session Border Controller
From 10 to 10r3.4.0

Related CWEs

CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
The product constructs a string for a command to be executed by a separate component in another control sphere, but it does not properly delimit the intended arguments, options, or switches within that command string.

References (8)

Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
Vendor Advisory
Source: 551230f0-3615-47bd-b7cc-93e92e730bbf
ExploitThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party Advisory

Timeline

No history available yet.