CRITICAL · 10.0

CVE-2023-6269

Vulnerability Description

An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3.4.0, and OpenScape "BCF" before versions V10R10.12.00 and V10R11.05.02. This allows an unauthenticated attacker to gain root access to the appliance via SSH (scope change) and also bypass authentication for the administrative interface and gain access as an arbitrary (administrative) user.

CVSS Score

10.0 (CRITICAL)

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality: HIGH
Integrity: HIGH
Availability: HIGH

Affected Products

Vendor | Product | Versions
Atos | Unify OpenScape BCF | >= 10, < 10r10.12.00
Atos | Unify OpenScape Branch | >= 10, < 10r3.4.0
Atos | Unify OpenScape Session Border Controller | >= 10, < 10r3.4.0

Related Weaknesses (CWE)

References

FAQ

What is CVE-2023-6269?

CVE-2023-6269 is a vulnerability with a CVSS score of 10.0 (CRITICAL). An argument injection vulnerability has been identified in the administrative web interface of the Atos Unify OpenScape products "Session Border Controller" (SBC) and "Branch", before version V10 R3....

How severe is CVE-2023-6269?

CVE-2023-6269 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2023-6269?

Check the references section above for vendor advisories and patch information. Affected products include: Atos Unify OpenScape BCF, Atos Unify OpenScape Branch, Atos Unify OpenScape Session Border Controller.