CVE-2023-6269: Critical Authentication Bypass in Atos Unify OpenScape Systems
A critical vulnerability has been discovered in the administrative web interface of Atos Unify OpenScape products that lets an unauthenticated attacker take control of the appliance. The flaw, tracked as CVE-2023-6269 and rated CVSS 10 (critical), affects organizations running the OpenScape SBC, Branch and BCF products listed below.
The root cause is an argument injection: user-controlled input from the web interface is placed into the argument list of a command run by the backend, so a value that begins with a dash is parsed as an option rather than as data. Unlike classic command injection this needs no shell metacharacters, and escaping or quoting the input does not prevent it. In OpenScape the injected argument can be used to manipulate user credentials and bypass authentication: an attacker who can reach the web interface can gain root access to the appliance via SSH or log in as an administrator without valid credentials. That is complete control over the system, whether the goal is to disrupt operations, steal sensitive data or use the appliance as a foothold for further attacks.
The flaw was reported by Armin Weihbold of SEC Consult Vulnerability Lab (Office Linz), who also published proof-of-concept exploit code, so working exploit details are publicly available.
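To make the mechanism concrete, the following added example (written for this article, not code from OpenScape or from SEC Consult's advisory) shows a login handler that hands form fields to a privileged credential helper as argv elements. The helper `authhelper`, its `-n` option and the `SHADOW` credential store are constructed stand-ins; the real OpenScape command and its options are not described here. The vulnerable handler uses a list argv with no shell, which is exactly why quoting would not have saved it; the hardened handler validates the login name and inserts `--` so the helper treats everything after it as data.

```python
import argparse
import re

# Constructed stand-in for a privileged credential helper that a web tier
# shells out to. It is NOT the OpenScape backend: the real command, its
# options and its credential store are not described in the article.
SHADOW = {"admin": "Adm1n-Pass", "guest": "guest", "root": "R00t-Pass"}

# POSIX-style login names; a leading '-' can never match, which is the point.
USERNAME_RE = re.compile(r"[a-z_][a-z0-9_-]{0,31}")


class _Parser(argparse.ArgumentParser):
    """argparse exits the process on a parse error; raise instead so the
    caller sees the error as an ordinary return value."""

    def error(self, message):
        raise ValueError(message)


def authhelper(argv):
    """Simulated CLI:  authhelper [-n NEWPW] USER [PASSWORD]

    Without -n it verifies USER/PASSWORD. With -n it resets USER's password,
    an admin-only operation that lives in the same binary, a common layout
    that turns an argument injection into a credential reset."""
    p = _Parser(prog="authhelper", add_help=False)
    p.add_argument("-n", "--new-password", dest="new_password")
    p.add_argument("user")
    p.add_argument("password", nargs="?")
    try:
        ns = p.parse_args(argv)
    except ValueError as exc:
        return {"ok": False, "action": "error", "detail": str(exc)}
    if ns.new_password is not None:
        SHADOW[ns.user] = ns.new_password
        return {"ok": True, "action": "reset", "user": ns.user}
    return {"ok": SHADOW.get(ns.user) == ns.password, "action": "verify", "user": ns.user}


def run_helper(args):
    """In a real web tier this would be subprocess.run(["/usr/sbin/authhelper", *args])
    with no shell at all; the helper is called in-process here so the example
    runs stand-alone, but the argv it sees is identical."""
    return authhelper(list(args))


def login_vulnerable(username, password):
    """Argument injection: form fields become argv elements unvalidated.
    No shell metacharacters are involved, so shlex.quote() would not help."""
    return run_helper([username, password])


def login_hardened(username, password):
    """Two independent fixes: accept only plausible login names (no leading
    dash), and put '--' before user-controlled values so the helper parses
    everything after it as positional data, never as options."""
    if not USERNAME_RE.fullmatch(username):
        return {"ok": False, "action": "rejected", "user": username}
    return run_helper(["--", username, password])


if __name__ == "__main__":
    # Username "-nhacked" and password "root": argparse reads -n hacked and
    # takes "root" as USER, so root's password becomes "hacked".
    print(login_vulnerable("-nhacked", "root"), SHADOW["root"])
    # The password field works just as well: "guest" / "-nowned".
    print(login_vulnerable("guest", "-nowned"), SHADOW["guest"])
    print(login_hardened("-nhacked", "admin"))      # rejected by the name check
    print(run_helper(["--", "-nhacked", "admin"]))  # '--' alone also defuses it
    print(login_hardened("admin", "Adm1n-Pass"))    # normal login still works
```

Both fixes are worth keeping: the allowlist stops the obvious payloads at the edge, while `--` protects against the password field and any other value the helper might receive. Not every tool honours `--`, so the safest design is a helper that does not expose a credential-reset option to the unauthenticated login path at all.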
Affected Products and Versions
The following Atos Unify OpenScape products are affected by this vulnerability:
- Atos Unify OpenScape SBC versions before V10 R3.4.0
- Atos Unify OpenScape Branch versions before V10 R3.4.0
- Atos Unify OpenScape BCF versions before V10R10.12.00 and before V10R11.05.02 (the R10 and R11 release lines respectively)
Mitigation and Remediation
Organizations running affected Atos Unify OpenScape products should apply the vendor's patches without delay. Fixed releases are available for all affected products:
- Atos Unify OpenScape Session Border Controller (SBC): V10 R3.4.0 or later
- Atos Unify OpenScape Branch: V10 R3.4.0 or later
- Atos Unify OpenScape BCF: V10R10.12.00 or later on the R10 line, V10R11.05.02 or later on the R11 line
Until the update can be installed, the following measures reduce the impact of a successful login bypass; they do not remove the flaw in the web interface itself:
- Disable low-privileged accounts (e.g. the guest account), or at least disable SSH access for them.
- Ensure the root account cannot log in over SSH.
- Restrict external SSH access to a single, dedicated account.
- Do not expose the administrative web interface to the Internet; reach it only from a management network or VPN.
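The three SSH-related workarounds map onto a handful of sshd_config keywords, and a quick audit catches the two mistakes people make when applying them by hand: forgetting that sshd takes the first value it sees for a keyword (a later PermitRootLogin no does not override an earlier yes) and leaving AllowUsers commented out. The following added example (written for this article, not vendor tooling) parses the global section of an sshd_config and reports where the workarounds are not met. The two sample configurations are constructed; the file layout on an OpenScape appliance is assumed, not taken from the vendor.

```python
import re

# Constructed samples of the global part of an sshd_config. Assumed layout;
# the real OpenScape file contents are not described in the article.
SAMPLE_WEAK = """\
# sshd_config (constructed sample, before applying the workarounds)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
#AllowUsers admin
Match User guest
    PasswordAuthentication yes
"""

SAMPLE_HARDENED = """\
Port 22
PermitRootLogin no
AllowUsers admin
DenyUsers guest
Match Address 10.0.0.0/8
    PasswordAuthentication yes
"""

# sshd keywords are case-insensitive and may be separated from the value
# by whitespace or by a single '='.
_LINE = re.compile(r"^([A-Za-z]+)(?:\s*=\s*|\s+)(.*)$")


def parse_global(config_text):
    """Return {keyword_lowercase: first_value} for the global section.

    sshd uses the FIRST value obtained for a keyword, so a later duplicate
    does not override an earlier one. Everything from the first Match line
    on is conditional and is not considered here."""
    settings = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit(config_text):
    """Findings against the workarounds: no root over SSH, one allowed account."""
    s = parse_global(config_text)
    findings = []
    # OpenSSH's compiled-in default still allows key-based root logins.
    root = s.get("permitrootlogin", "prohibit-password")
    if root.lower() != "no":
        findings.append(f"PermitRootLogin is '{root}': root is reachable over SSH")
    allow = s.get("allowusers")
    if allow is None:
        findings.append("AllowUsers is not set: every local account with a shell (e.g. guest) may log in")
    elif len(allow.split()) != 1:
        findings.append(f"AllowUsers names {len(allow.split())} patterns ({allow}); restrict SSH to a single account")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", SAMPLE_WEAK), ("hardened", SAMPLE_HARDENED)):
        print(name, audit(text) or "ok")
```

On a running host, feed `audit()` the output of `sshd -T` rather than the file: it prints the effective global configuration one `keyword value` pair per line, which `parse_global` reads unchanged, and it reflects whatever the appliance's own management layer actually generated. That matters on an appliance, where a hand edit to sshd_config may be overwritten by the next configuration push from the admin interface.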