CVE-2023-6269 Vulnerability Details

CVE-2023-6269 Metadata Quick Info

CVE Published: 05/12/2023 | CVE Updated: 02/08/2024 | CVE Year: 2023
Source: SEC-VLab | Vendor: Atos Unify | Product: OpenScape Session Border Controller (SBC)
Status: PUBLISHED

CVE-2023-6269 Description

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.

Metrics

CVSS Version: 3.1 | Base Score: 10 CRITICAL
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Exploitability Metrics:
    Attack Vector (AV): NETWORK
    Attack Complexity (AC): LOW
    Privileges Required (PR): NONE
    User Interaction (UI): NONE
    Scope (S): CHANGED

Impact Metrics:
    Confidentiality Impact (C): HIGH
    Integrity Impact (I): HIGH
    Availability Impact (A): HIGH

Weakness Enumeration (CWE)

CWE-ID: CWE-88
CWE Name: CWE-88 Improper Neutralization of Argument Delimiters in a Command (Argument Injection)
Source: Atos Unify

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID: CAPEC-115
CAPEC Description: CAPEC-115 Authentication Bypass