CVE-2023-6269 (CVSS: 10): Unpatched Vulnerability Leaves Atos Unify OpenScape at Risk of Root Access

In the constantly evolving domain of cybersecurity, a new vulnerability has surfaced, striking at the heart of Atos Unify’s OpenScape products. This alarming security flaw, identified in the Atos Unify OpenScape SBC, Branch, and BCF, poses a severe threat to the integrity of these widely used systems. With a CVE-2023-6269 rating, this vulnerability has been categorized as critical, underlining its potential for widespread damage.

This vulnerability, an argument injection flaw, allows unauthenticated attackers to bypass administrative web interfaces and execute arbitrary code. This alarming loophole could enable attackers to gain root access to the appliance via SSH, leading to a complete compromise of the system.

CVE-2023-6269

Rated with a CVSS3.1 Base score of 10 (critical), the CVE-2023-6269 vulnerability underscores the severity and potential impact. The administrative web interface of these products insufficiently escapes supplied login credentials before passing them to a user management application, opening the door for unauthorized access and control.

Security researcher Armin Weihbold and the SEC Consult Vulnerability Lab have been credited for disclosing and supporting
the company to remediate the issues.

Products confirmed to be affected include Atos Unify OpenScape SBC V10, Branch V10, and BCF V10, with specific versions before their respective updates.

Vulnerable Version

  • OpenScape SBC before V10 R3.4.0
  • OpenScape Branch before V10 R3.4.0
  • OpenScape BCF V10 before V10R10.12.00 and V10R11.05.02

Fixed Version

  • OpenScape SBC V10 R3.4.0 or higher
  • OpenScape Branch V10 R3.4.0 or higher
  • OpenScape BCF V10R10.12.00 or higher, V10R11.05.02

Users of these versions are urgently advised to update their systems with the available fix release to mitigate the vulnerability.

In addition to the recommended update, several workarounds have been suggested, including disabling low-privileged accounts or SSH access for these accounts, ensuring the root account is not accessible via SSH, restricting external SSH access, and not exposing the admin interface of the affected systems publicly.